- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Small-site Information Security on a (very loose) shoestring - a case study
- Abstract
- Large corporations recognize the need to invest manpower, time, and money managing their system and network infrastructures. Most of these companies have also recognized the value in focusing specifically on information security to protect and manage their assets, secrets and reputations. Unfortunately, this same understanding of the need and value of information security is not seen at a significant portion of midsize and smaller companies. This may be because of the perceived cost and/or complexity, management attitudes, or simply a lack of knowledge. This lack of understanding puts all Internet users at increased risk of attack or compromise. This paper will describe one such smaller company and the state I found it in when I joined it. This will be followed by a review of corrective actions (and their limitations) that significantly enhanced the overall security posture.