For small- and medium-sized enterprises (SMEs) to prepare for and manage cybersecurity risk and threats, ISACA, the US-based association for information systems people, has published two new guides. They are: Cybersecurity Guidance for Small and Medium-sized Enterprises and Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises. The publications work in tandem; first to establish a standard based on the COBIT 5 framework and then to provide hands-on cybersecurity guidance, the association says.
According to the guides, while cybercrime at SMEs is increasing, cybersecurity has lagged because of cost and poor performance. The guides provide tips on how even SMEs with limited resources can reduce attack risks with a prudent cybersecurity strategy.
Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies, said: “Today, cybercrime and cyber warfare are not restricted to large enterprises—SMEs are being targeted, as well. No enterprise is 100 percent secure. Stakeholders need to understand that cybersecurity is a constantly evolving process—not an end result. These guides are well designed to help smaller organizations implement robust security strategies and governance.”
Cybersecurity Guidance for Small and Medium-sized Enterprises is based on COBIT 5, a business framework for the governance and management of enterprise information and technology. It focuses on cybersecurity guiding principles, governance, risk management and assurance.
The companion guide, Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises, is based on eight principles, including understanding end user behaviors, stating the business case and establishing governance.
The guidance documents are each available in print and online for US$35 for ISACA members and US$60 for non-members at www.isaca.org/cyber-guidance and www.isaca.org/implementing-cyber-guidance.
