The Information Security for SMEs webcast series in on hiatus during NOUVEL’s move to the US. Check back later in 2013 for an updated webcast schedule.
1 Information Security for SMEs
Date / Time: 22 Nov 2011 / 9am EST (US ) / 3pm CET (Europe)
Webcast Archive: https://www.sans.org/webcasts/information-security-smes-jim-herbeck-94849
Handout: PDF file (English)
Date / Time: 27 Mar 2012 / 9:30am CEST (Europe) / 6:30pm EDT (Australia)
Webcast Archive: https://www.sans.org/webcasts/information-security-smes-95159
Handout: PDF file (English)
Stories in the news about information security breaches often focus on high-profile corporations and multi-national organizations. This could create the impression that smaller organizations face a smaller risk of being hacked. "But that's not true!" says Jim Herbeck, presenter of this webcast on information security for SMEs. "Small- and medium-sized enterprises face the same challenges as larger organizations in protecting the confidentiality and integrity of their data and the availability of their resources. At the same time, SMEs must develop and implement their information risk management and security program under the constraints imposed by a smaller budget and organization," Herbeck says. This webcast will offer an overview of information security that is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
2 Risk Management for SMEs
Date / Time: 17 Jan 2012 / 9am EST (US ) / 3pm CET (Europe)
Webcast Archive: https://www.sans.org/webcasts/risk-management-smes-94934
Handout: PDF file (English)
Managing information- and IT-related risk is a big undertaking for large organizations. It can be even more challenging for small- and medium-sized enterprises (SMEs). One of the first steps in the risk management process is risk assessment. Often the risk assessment methodologies used by large corporations don't work well for SMEs. Some risk assessment methodologies can take 6-12 months, or longer, to perform. "That simply doesn't work for SMEs," says Jim Herbeck, presenter of this webcast on information security for SMEs. "SMEs need results--something that validates their expenditures for risk management and information security, not just paper reports that accomplish nothing tangible," Herbeck says. This webcast offers an overview of risk management along with pragmatic ideas for how to accelerate the risk assessment process. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
3 Writing Information Security Policy for SMEs
Date / Time: 21 Feb 2012 / 9am EST (US ) / 3pm CET (Europe)
Webcast Archive: https://www.sans.org/webcasts/writing-information-security-policy-smes-94939
Handout: PDF file (English)
It's really striking how bad information security policy can be at some organizations. Large multi-national organizations may have information security policies in excess of 100 pages. "The problem with a 100-page policy is that very few people in the organization have ever read it," says Jim Herbeck, presenter of this webcast on information security for small- and medium-sized enterprises (SMEs). "This is one area where, with a bit of foresight, SMEs can run circles around larger organizations. It should be possible for an SME to write compact, effect policy by objective and approve it in a fraction of the time that bigger organizations require," according to Herbeck. This webcast offers an overview of how to write information security policy, and is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
4 Managing Network-related Risk for SMEs
Date / Time: 20 Mar 2012 / 10am EDT (US ) / 3pm CET (Europe)
Webcast Archive: https://www.sans.org/webcasts/managing-network-related-risk-smes-94944
Handout: PDF file (English)
Everyone understands that the threat of cyber attack via the Internet is very real. And every small- and medium-sized enterprise (SME) has implemented a firewall to manage that risk. "But is that enough?" asks Jim Herbeck, presenter of this webcast on information security for SMEs. "A network firewall is only the starting point for network security, not the endpoint. There are many additional steps an SME can take to secure their network," says Herbeck. This webcast offers concrete advice for SMEs about managing network-related risk from ISO 27001 and the SANS 20 Critical Security Controls. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
5 Managing Legal, Regulatory, and Compliance Risk for SMEs
Date / Time: 17 Apr 2012 / 9am EDT (US ) / 3pm CEST (Europe)
Webcast: https://www.sans.org/webcasts/managing-legal-regulatory-compliance-risk-smes-95076
Handout: PDF file (English)
In recent years, compliance--or rather, avoiding non-compliance--has been the goal of many information security programs. Governments are increasingly imposing large fines on organizations that mishandle sensitive data through negligence or a lack of exercising due care. Large multi-nationals have dedicated legal staff to manage the complexity of legal, regulatory, and compliance obligations. "How should small- and medium-sized enterprises (SMEs) handle legal risks?" asks Jim Herbeck, presenter of this webcast on information security for SMEs. "Although seeking external legal advice has a cost associated with it, ignoring legal risk can be many times more expensive," says Herbeck. This webcast offers concrete advice for SMEs about managing legal, regulatory, and compliance risk from ISO 27001. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
6 Managing System-related Risk for SMEs
Date / Time: 15 May 2012 / 9am EDT (US ) / 3pm CEST (Europe)
Webcast: https://www.sans.org/webcasts/managing-system-related-risk-smes-95141
Handout: PDF file (English)
Some organizations think that their firewall provides all the protection their desktop and server systems require. "I know one organization that had simply stopped applying operating system security updates--they thought it was a waste of time," says Jim Herbeck, presenter of this webcast on information security for SMEs. "While firewalls block many attacks, they can't and don't block everything. Security on your desktop and server systems is an important second line of defense against those attacks that get past your firewall," Herbeck explains. This webcast offers concrete advice for SMEs about managing system-related risk from ISO 27001 and the SANS 20 Critical Security Controls. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
7 Managing Third Party Risk for SMEs
Date / Time: 19 Jun 2012 / 9am EDT (US ) / 3pm CEST (Europe)
Webcast: https://www.sans.org/webcasts/managing-third-party-risk-smes-95239
Some organizations think that their firewall provides all the protection their desktop and server systems require. "I know one organization that had simply stopped applying operating system security updates--they thought it was a waste of time," says Jim Herbeck, presenter of this webcast on information security for SMEs. "While firewalls block many attacks, they can't and don't block everything. Security on your desktop and server systems is an important second line of defense against those attacks that get past your firewall," Herbeck explains. This webcast offers concrete advice for SMEs about managing system-related risk from ISO 27001 and the SANS 20 Critical Security Controls. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
8 Managing Malicious Software Risk for SMEs
Date / Time: 17 Jul 2012 / 9am EDT (US ) / 3pm CEST (Europe)
Webcast: https://www.sans.org/webcasts/managing-malicious-software-risk-smes-95309
Malicious software, or malware, has existed since the 1980s. Even though the problem is well understood, in recent years the situation has been getting worse. One recent report indicates that one in every 14 internet downloads contains malware! "So, is having anti-virus software installed on desktop computers enough to counter the threat posed by malware?" asks Jim Herbeck, presenter of this webcast on information security for SMEs. "Desktop anti-virus software is the logical starting point for addressing the malware problem. But there are many additional steps SMEs can take to protect themselves from malware," says Herbeck. This webcast offers concrete advice from ISO 27001 and the SANS 20 Critical Security Controls about managing malicious software risk for SMEs. The webcast is appropriate for anyone who's responsible for managing, developing, or implementing information security at an SME.
NOTE: Europeans prefer the term Small and Medium Enterprise (SME); Americans prefer the term Small and Medium Business (SMB). The European Union (EU) defines SMEs as having fewer than 250 employees (see EU SME definition); Americans generally define SMBs as having fewer than 500 employees.
