Cyber Security Policy

Cyber Security Plan

An October 2009 survey of 1,500 small business owners conducted by the National Cyber Security Alliance and Symantec found that “small business owners’ cyber security policies and actions are not adequate enough to ensure the safety of their employees, intellectual property, and customer data.”

House Passes Cyber Security Bill - A Good Start?

Only a short time ago headlines reported Google’s claim of a cyber attack originating in China. More recently it was National Intelligence Director Dennis Blair and CIA Director Leon Panetta who testified before Congress, warning of increasing cyber threats and vulnerabilities in our nation’s critical systems. And on February 4 the U.S. House of Representatives overwhelmingly passed H.R. 4061, The Cybersecurity Enhancement Act, by a rare bipartisan vote of 422-5.

Cyber Security Policy

An organization’s Cyber Security policy is a document that is tailored to its unique security needs, approved by management and distributed to all employees and partners in a form that is relevant, accessible and understandable to the intended reader. This policy document should address the following:

  • A definition of information security including a statement of management commitment and how information security objectives align with business strategy and objectives.

Risk Assessment

The security of your information systems is essential to the continued success of your small business. With so many security threats and vulnerabilities, where do you start? Can you identify the threats faced by your company? Have you identified your company’s specific network vulnerabilities? What is the probability that your company will fall victim to an attack exploiting those vulnerabilities? What are the financial implications?