Build an Information Security Strategy for Small Enterprises
Large threats target small enterprises. Protect and defend your organization against the inevitability of cyberattack.
- Ironically, the misconception that small enterprises are less targeted due to having less-valuable assets has led to increases in breaches as these organizations have failed to strengthen their defense against threat, which has increased their vulnerability in the wake of more advanced, automated, and indiscriminate cyberattacks.
Our Advice
Critical Insight
- Just because you haven’t identified a breach doesn’t mean you’re secure. A good security program is proactive about closing security gaps because ignorance is never blissful.
Impact and Result
- Security requirements gathering across the organization, key stakeholders, customers, regulators, and other parties ensures the security strategy is built in alignment with and supportive of strategies and plans.
- Info-Tech’s small enterprise security framework ensures the appropriate areas of security are made the primary focus of your current/target state assessment and strategy.
- Tested and proven rationalization and prioritization methodologies ensure the strategy you generate is not only the one the organization needs, but also the one the organization will support.
Build an Information Security Strategy for Small Enterprises
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should build an information security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
1. Assess security requirements
Define the business, customer, and compliance alignment for the security program and determine the organization’s security risk tolerance.
2. Build a gap initiative strategy
Use our small enterprise security framework to perform a gap analysis between current and target states and define security goals and duties.
3. Prioritize initiatives and build roadmap
Synthesize and prioritize the gap analysis into a list of actionable security initiatives.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
8.0/10
Overall Impact
$10,000
Average $ Saved
10
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Calgary Public Library
Guided Implementation
8/10
$10,000
10
Citron Hygiene
Guided Implementation
9/10
$3,000
4
Wikwemikong Office
Guided Implementation
10/10
N/A
120
The Master's University
Guided Implementation
10/10
$100K
120
Tomra of North America, Inc
Guided Implementation
8/10
$12,733
10
Onsite Workshop: Build an Information Security Strategy for Small Enterprises
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess Security Requirements
The Purpose
- Determine the business, customer, and compliance goals and obligations that the security strategy must support.
- Define organizational security risk tolerance.
Key Benefits Achieved
- Clear understanding of how to align the security strategy with the business.
- Formalized and documented security pressure and risk tolerance information.
Activities
Outputs
Discuss business and IT strategy and plans.
- Shared understanding of security strategy drivers
Define business, customer, and compliance goals and obligations.
- Information security alignment and obligations statement
Define information security risk tolerance.
- Defined information security risk tolerance
Module 2: Perform a Gap Analysis
The Purpose
- Identify current and target security capabilities and what would be required to achieve the target state.
Key Benefits Achieved
- Comprehensive list of all initiatives that could be undertaken to achieve security targets in every area.
Activities
Outputs
Assess current and target security capabilities.
- Current- vs. target-state gap analysis
Define gap initiatives to achieve target state.
- Actionable initiatives to resolve security gaps
Module 3: Plan for the Transition
The Purpose
- Prioritize the order of execution for security initiatives.
Key Benefits Achieved
- Prioritized roadmap of security initiatives and persuasive rationale for stakeholders.
Activities
Outputs
Build effort map and prioritize gap initiatives.
Build roadmap for execution order for gap initiatives.
- Security strategy roadmap and action plan
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Try Our Guided Implementations
Get the help you need in this 3-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.
Guided Implementation #1 - Assess security requirements
- Call #1 - Introduce project and complete pressure analysis.
- Call #2 - Define security obligations and organizational risk tolerance level.
Guided Implementation #2 - Build a gap initiative strategy
- Call #1 - Introduce the maturity assessment.
- Call #2 - Perform gap analysis and translate into initiatives (often several calls to work through the gap analysis).
Guided Implementation #3 - Prioritize initiatives and build roadmap
- Call #1 - Consolidate related gap initiatives.
- Call #2 - Review cost/benefit analysis and build an effort map.
- Call #3 - Build implementation waves and introduce Gantt chart.
Contributors
- Peter Clay, Zeneth Tech Partners, Principal
- Ken Towne, Zeneth Tech Partners, Security Architect
- Luciano Siqueria, Road Track, IT Security Manager
- David Rahbany, The Hain Celestial Group, Director IT Infrastructure
- Rick Vadgama, Cimpress, Head of Information Privacy and Security
- Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
- Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
- Trevor Butler, City of Lethbridge, Information Technology General Manager
- Shane Callahan, Tractor Supply, Director of Information Security
- Jeff Zalusky, Chrysalis, President/CEO
- Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
- Dan Humbert, YMCA of Central Florida, Director of Information Technology
- Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
- Jason Bevis, FireEye, Senior Director Orchestration Product Management – Office of the CTO
- Joan Middleton, Village of Mount Prospect, IT Director
- Jim Burns, GreatAmerica Financial Services, Vice President Information Technology
- Ryan Breed, Hudson’s Bay, Information Security Analyst
- James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems