Build an Information Security Strategy for Small Enterprises

Large threats target small enterprises. Protect and defend your organization against the inevitability of cyberattack.

  • Ironically, the misconception that small enterprises are targeted less because their assets are less valuable has led to an increase in breaches: these organizations have failed to strengthen their defenses against threats, leaving them more vulnerable in the wake of more advanced, automated, and indiscriminate cyberattacks.

Our Advice

Critical Insight

  • Just because you haven’t identified a breach doesn’t mean you’re secure. A good security program is proactive about closing security gaps because ignorance is never blissful.

Impact and Result

  • Gathering security requirements from across the organization, key stakeholders, customers, regulators, and other parties ensures the security strategy aligns with and supports strategies and plans.
  • Info-Tech’s small enterprise security framework ensures the appropriate areas of security are made the primary focus of your current/target state assessment and strategy.
  • Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but also the one the organization will support.

Build an Information Security Strategy for Small Enterprises Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build an information security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Assess security requirements

Define the business, customer, and compliance alignment for the security program and determine the organization’s security risk tolerance.

2. Build a gap initiative strategy

Use our small enterprise security framework to perform a gap analysis between current and target states and define security goals and duties.

3. Prioritize initiatives and build roadmap

Synthesize and prioritize the gap analysis into a list of actionable security initiatives.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.



Ames Tile & Stone

Guided Implementation




Ames Tile & Stone

Guided Implementation




It is hard to estimate the savings in time and money. I probably underestimated. It has been a pleasure working with Michal. Michal was very pa...

Synergi Partners

Guided Implementation




Inter Continental Real Estate and Development Corporation

Guided Implementation




I appreciate that we did the diagnostics first, so we can figure out the best next steps instead of getting into detailed information. We need to...

Calgary Public Library

Guided Implementation




Citron Hygiene

Guided Implementation




Best - opened my eyes to the complexity of IT security planning. Worst - I do not see any.

Wikwemikong Office

Guided Implementation




The Master's University

Guided Implementation




Clear directions and steps to evaluate and implement our Security Strategy

Tomra of North America, Inc

Guided Implementation




We are just at the beginning, but appreciate the thought behind the tools and approach, especially how they are targeted towards a small enterprise and...

Workshop: Build an Information Security Strategy for Small Enterprises

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Security Requirements

The Purpose

  • Determine the business, customer, and compliance goals and obligations that the security strategy must support.
  • Define organizational security risk tolerance.

Key Benefits Achieved

  • Clear understanding of how to align the security strategy with the business.
  • Formalized and documented security pressure and risk tolerance information.




Discuss business and IT strategy and plans.

  • Shared understanding of security strategy drivers

Define business, customer, and compliance goals and obligations.

  • Information security alignment and obligations statement

Define information security risk tolerance.

  • Defined information security risk tolerance

Module 2: Perform a Gap Analysis

The Purpose

  • Identify current and target security capabilities and what would be required to achieve the target state.

Key Benefits Achieved

  • Comprehensive list of all initiatives that could be undertaken to achieve security targets in every area.




Assess current and target security capabilities.

  • Current- vs. target-state gap analysis

Define gap initiatives to achieve target state.

  • Actionable initiatives to resolve security gaps

Module 3: Plan for the Transition

The Purpose

  • Prioritize the order of execution for security initiatives.

Key Benefits Achieved

  • Prioritized roadmap of security initiatives and persuasive rationale for stakeholders.




Build effort map and prioritize gap initiatives.


Build roadmap for execution order for gap initiatives.

  • Security strategy roadmap and action plan

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.



What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess security requirements
  • Call 1: Introduce project and complete pressure analysis.
  • Call 2: Define security obligations and organizational risk tolerance level.

Guided Implementation 2: Build a gap initiative strategy
  • Call 1: Introduce the maturity assessment.
  • Call 2: Perform gap analysis and translate into initiatives (often several calls to work through the gap analysis).

Guided Implementation 3: Prioritize initiatives and build roadmap
  • Call 1: Consolidate related gap initiatives.
  • Call 2: Review cost/benefit analysis and build an effort map.
  • Call 3: Build implementation waves and introduce Gantt chart.


Ben Mackle


  • Peter Clay, Zeneth Tech Partners, Principal
  • Ken Towne, Zeneth Tech Partners, Security Architect
  • Luciano Siqueria, Road Track, IT Security Manager
  • David Rahbany, The Hain Celestial Group, Director IT Infrastructure
  • Rick Vadgama, Cimpress, Head of Information Privacy and Security
  • Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
  • Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
  • Trevor Butler, City of Lethbridge, Information Technology General Manager
  • Shane Callahan, Tractor Supply, Director of Information Security
  • Jeff Zalusky, Chrysalis, President/CEO
  • Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
  • Dan Humbert, YMCA of Central Florida, Director of Information Technology
  • Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
  • Jason Bevis, FireEye, Senior Director Orchestration Product Management – Office of the CTO
  • Joan Middleton, Village of Mount Prospect, IT Director
  • Jim Burns, GreatAmerica Financial Services, Vice President Information Technology
  • Ryan Breed, Hudson’s Bay, Information Security Analyst
  • James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems

Search Code: 91139
Last Revised: February 6, 2020
