This document provides an overview of information security best practices for small businesses. It discusses the importance of information security for small businesses, common threats such as cybercrime and malicious software. It outlines the key components of information security as people, processes, and technology. It provides recommendations for security policies, backups, access controls, firewalls, software updates, and secure practices for email, wireless networks, and online activities. The document emphasizes establishing security as a foundational part of running a successful small business.

1. Information Security For Small Businessby Julius Clark Sr., CISSP, CISA | October 13th 2009

2. About MeJulius Clark Sr.Location: Charlotte, NCCurrent home, been residing in Charlotte, NC for over 10 yearsHometownBoston, MaProfessionInformation Security Professional.BDPA Charlotte History2010-2012 President2007-2009 President-Elect2006-2004 VP of Education & SITES2001-2003 Coordinator - High School Computer CompetitionEducationMBA in Information Security

3. MSIS in Information Security

4. BS in Electronic EngineeringCertificationsCertified Information Systems Security Professional (CISSP)

5. Certified Information Systems Auditor (CISA)

6. Microsoft Certified System Engineer (MSCE).2

7. Agenda Information Security for Small Business3

8. Agenda (Continued)Information Security for Small Business4

9. Small Business Wholeness5

10. Maslow’s Hierarchy of NeedsBeing aware of one’s Wholeness keeps bad things from happening. A solid foundation must be built to advance. Understanding your environment, your health and activities helps one to continually perform a risk assessments and move to the next level.Self – Actualization – Being All You Can Be

11. Esteem - Recognition for Good Work

12. Love - Acceptance

13. Safety & Security – Stability

14. Needs – Air , Food, Water, Shelter6

15. Maslow’s Business ComparisonMaslow’s Hierarchy of Needs can be applied to building a successful business. IT Security is a foundation that businesses must build upon to lower IT Security risks and gain a competitive edge.Self – Actualization – Meeting the Mission Statement

16. Esteem - Recognition in Market Place

17. Love - Acceptance by Clients or Customers

18. Safety & Security – IT Security & Insurance

19. Needs – Capital & People7

20. What is Information Security?8

21. What Is Information Security?Protecting your information, technology, property, products and people, thus protecting your business. The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.Confidentiality

22. Integrity

23. Availability9

24. What Is Information Security?Confidentiality Concept of protecting information from improper disclosure and protecting the secrecy and privacy of sensitive data so that the intellectual property and reputation of an organization is not damaged and that data related to individuals is not released in violation of regulations or the privacy policy of the organization.- From the CISSP® CBK®10

25. What Is Information Security?Integrity Addresses two objects, which are protecting data and processes from improper modification, and the ensuring the operations of the information is reliable and performing as expected.- From the CISSP® CBK®11

26. What Is Information Security?Availability Addresses two concepts, which are protecting data and processes from improper modification, and the concept of ensuring the operations of the information system is reliable and performing as expected.- From the CISSP® CBK®:12

27. Importance Of Small BusinessStatistic:There are over 26 million small businesses in the U.S.Source: NIST13

28. What Is At Stake?Your Business! Your business is at risk of being damaged due to:Financial loss

29. Lawsuits

30. Reputation loss

31. loss of market share

32. Theft of its technology , resources and products

33. Denial of service attacks

34. Blackmail14

35. Who Are The Actors?Their Roles:Experimenters

36. Hacktivists

37. Cyber criminals

38. Information Warriors

39. Employees

40. Dumpster divers

41. Natural disasters

42. Terrorist activities15

43. Who Are The Actors?Malicious Code!Key loggers – Stealing your keystrokes

44. Viruses

45. Denial of service

46. Turning your computer into a zombie aka “Bot”16

47. Cyber Crime In the news17

48. Cyber Crime In the News18

49. Cyber Crime Statistics!Insider threats are responsible for over 80% of small business issues.There are over 70,000 active viruses ; and exponentially growingInformation Security threats can damage or destroy small business33% businesses with 100 employees or less had a computer incidentSource: NIST19

50. Cyber Crime Statistics!Small Business Cyber Crime Report42 % of businesses has a Laptop theft44% of businesses suffered from Insider Abuse21% of businesses reported Denial of Service50% of businesses detected a viruses20% of business systems became a “Bot”Source: Computer Security Institute Survey20

51. Cyber Crime Statistics!Reported Data Breaches2007 - there were 445 data breaches reported 2008 – there were 656 data breaches reported2009 – approx. 392 data breaches reported so far this year.Source: October 9, 2009 USAToday21

52. Privacy Rights Clearinghousewww.privacyrights.org22

53. Privacy Rights Clearinghousewww.privacyrights.orgThe 339,861,901 indicates the total number of records compromised23

54. The components of Information Security24

55. The Components of Information SecurityThe Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.People

56. Processes