Risk Management for SMEs webcast
Jan 17, 2012
On Jan 17, I presented “Risk Management for SMEs”, the second webcast in the SANS Institute’s “Information Security for SMEs” webcast series.
The first part of the webcast was a brief introduction to risk management and to ISO 27005, the “Information Security Risk Management” standard.
The next part of the webcast was about information risk assessment and management methodologies. I made several points that are important for SME managers to consider:
• Traditional risk assessment methodologies often don’t scale down well to SMEs. They tend to be overly complex and can take a 6–12 month commitment to learn and implement; most SMEs can’t afford that much time before they see a result.
• Knowledge-based risk assessments may be more effective for SMEs. They are based on performing a gap analysis between a well-known information security standard and the organization’s current information security implementation: each control the standard expects is checked against what is actually in place, and the gaps become the risk register.
• The CPI-RISC Information Risk Framework can be used to perform a rapid, knowledge-based risk assessment. Based on ISO 27001, ISO 27005, and the SANS 20 Critical Security Controls, the Framework provides an easy-to-use summary of several well-known information security standards.
The final part of the webcast was about the role of risk metrics: to quantify the current level of risk and to demonstrate the success (or decline) of an information security program over time by repeating the same assessment and comparing the results.
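To make the gap-analysis idea and the "metrics over time" point concrete, here is a small worked example. It is added for this post and is not code from the webcast or from the CPI-RISC Framework; the control identifiers, titles and weights are a constructed catalogue loosely modelled on the SANS 20 Critical Controls families, and the two sample assessments (Q1 and Q3) are invented. It scores each control's distance from "implemented", weighted by importance, reports coverage as one number, orders the open gaps for remediation, and compares two assessments to show what improved and what regressed. Note the caveat built in: a control nobody assessed counts as a gap, not as a pass.

```python
from dataclasses import dataclass
from enum import IntEnum


class Status(IntEnum):
    """Implementation state recorded for each control during the gap analysis."""
    NOT_IMPLEMENTED = 0
    PARTIAL = 1
    IMPLEMENTED = 2


@dataclass(frozen=True)
class Control:
    ident: str
    title: str
    weight: int  # relative importance, 1 (low) to 3 (high); an assumed scale


# Constructed control catalogue, loosely modelled on the SANS 20 Critical Controls
# families. Identifiers, titles and weights are illustrative, not the Framework's.
CONTROLS = [
    Control("CSC-1", "Inventory of authorized and unauthorized devices", 3),
    Control("CSC-2", "Inventory of authorized and unauthorized software", 3),
    Control("CSC-3", "Secure configurations for hardware and software", 3),
    Control("CSC-4", "Continuous vulnerability assessment and remediation", 3),
    Control("CSC-5", "Malware defenses", 2),
    Control("CSC-8", "Data recovery capability", 2),
    Control("CSC-12", "Controlled use of administrative privileges", 2),
    Control("CSC-9", "Security skills assessment and training", 1),
]


@dataclass
class Assessment:
    gaps: dict         # control id -> weighted gap (0 means fully implemented)
    total_gap: int
    max_gap: int
    priorities: list   # control ids with an open gap, largest first

    @property
    def coverage_pct(self) -> float:
        """Share of the weighted control set that is in place, 0-100."""
        return round(100 * (self.max_gap - self.total_gap) / self.max_gap, 1)


def assess(statuses: dict, controls=CONTROLS) -> Assessment:
    """Knowledge-based gap analysis: compare the recorded status of each control
    with the target state (IMPLEMENTED). A control missing from `statuses` is
    treated as NOT_IMPLEMENTED: an unassessed control is an unknown, and an
    unknown is a gap, not a pass."""
    gaps = {}
    for c in controls:
        status = statuses.get(c.ident, Status.NOT_IMPLEMENTED)
        gaps[c.ident] = c.weight * (Status.IMPLEMENTED - status)
    weight_of = {c.ident: c.weight for c in controls}
    # Largest weighted gap first; ties broken by control weight, then by id.
    priorities = sorted(
        (i for i, g in gaps.items() if g > 0),
        key=lambda i: (-gaps[i], -weight_of[i], i),
    )
    return Assessment(
        gaps=gaps,
        total_gap=sum(gaps.values()),
        max_gap=sum(c.weight * Status.IMPLEMENTED for c in controls),
        priorities=priorities,
    )


def trend(before: Assessment, after: Assessment) -> dict:
    """Risk metric over time: which controls improved, which regressed, and the
    change in coverage between two assessments of the same catalogue."""
    improved = sorted(i for i in after.gaps if after.gaps[i] < before.gaps[i])
    regressed = sorted(i for i in after.gaps if after.gaps[i] > before.gaps[i])
    delta = round(100 * (before.total_gap - after.total_gap) / after.max_gap, 1)
    return {"improved": improved, "regressed": regressed, "coverage_delta_pct": delta}


# Constructed sample assessments at two points in time.
Q1 = {
    "CSC-1": Status.PARTIAL, "CSC-2": Status.NOT_IMPLEMENTED,
    "CSC-3": Status.PARTIAL, "CSC-4": Status.NOT_IMPLEMENTED,
    "CSC-5": Status.IMPLEMENTED, "CSC-8": Status.IMPLEMENTED,
    "CSC-12": Status.NOT_IMPLEMENTED,
    # CSC-9 deliberately left unassessed: it must still show up as a gap
}
Q3 = {
    "CSC-1": Status.IMPLEMENTED, "CSC-2": Status.PARTIAL,
    "CSC-3": Status.PARTIAL, "CSC-4": Status.PARTIAL,
    "CSC-5": Status.IMPLEMENTED, "CSC-8": Status.PARTIAL,  # backup testing lapsed
    "CSC-12": Status.PARTIAL, "CSC-9": Status.NOT_IMPLEMENTED,
}

if __name__ == "__main__":
    first, second = assess(Q1), assess(Q3)
    print(f"Q1 coverage {first.coverage_pct}%  top gaps: {first.priorities[:3]}")
    print(f"Q3 coverage {second.coverage_pct}%  top gaps: {second.priorities[:3]}")
    print(trend(first, second))
```

The single coverage figure is what a manager can track quarter to quarter; the ordered priority list is what the IT lead works from. The `trend` output matters as much as the headline number: here coverage rises from roughly 37% to 60%, but one control (data recovery) has slipped, which an aggregate score alone would hide.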
The webcast may be viewed at the SANS Webcast Archive:
https://www.sans.org/webcasts/risk-management-smes-94934.
Slide handout: PDF file (English)