https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59118#M31 <P>I worked for a private company that had grown into an IT infrastructure without properly knowing how to manage it.&nbsp; And that speaks to technical administration and executive governance, in addition to protection and security.</P><P>&nbsp;</P><P>When I started looking for cybersecurity guidance, two names kept coming up:&nbsp; SANS, and Center for Internet Security.&nbsp; Their documents were useful to me, and I downloaded a lot of their templates and benchmarks!&nbsp; But neither the documents nor my use of them to frame the risk to our company were convincing enough for leadership to prioritize cybersecurity.</P><P>&nbsp;</P><P>SANS and CIS are highly valuable for entities who need a starting point.&nbsp; SANS has great policy templates, and CIS has excellent build benchmarks.</P><P>&nbsp;</P><P>No matter what, though, you must convince your leadership for buy-in.&nbsp; You must create a compelling argument which your leadership must address as a responsibility of governance and mission.&nbsp; If you don't have that, then you might as well stop.</P> Tue, 16 May 2023 12:27:51 GMT ericgeater 2023-05-16T12:27:51Z https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59115#M30 <P>Please share the "Common Resources," or lack thereof, that you hear frequently from SMBS. Thank you!</P> Mon, 09 Oct 2023 10:31:57 GMT https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59115#M30 WVBC23-BNetSec 2023-10-09T10:31:57Z https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59118#M31 <P>I worked for a private company that had grown into an IT infrastructure without properly knowing how to manage it.&nbsp; And that speaks to technical administration and executive governance, in addition to protection and security.</P><P>&nbsp;</P><P>When I started looking for cybersecurity guidance, two names kept coming up:&nbsp; SANS, and Center for Internet Security.&nbsp; Their documents were useful to me, and I downloaded a lot of their templates and benchmarks!&nbsp; But neither the documents nor my use of them to frame the risk to our company were convincing enough for leadership to prioritize cybersecurity.</P><P>&nbsp;</P><P>SANS and CIS are highly valuable for entities who need a starting point.&nbsp; SANS has great policy templates, and CIS has excellent build benchmarks.</P><P>&nbsp;</P><P>No matter what, though, you must convince your leadership for buy-in.&nbsp; You must create a compelling argument which your leadership must address as a responsibility of governance and mission.&nbsp; If you don't have that, then you might as well stop.</P> Tue, 16 May 2023 12:27:51 GMT https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59118#M31 ericgeater 2023-05-16T12:27:51Z https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59246#M32 <P>Hello,&nbsp;&nbsp;<SPAN>Common resources that SMBs frequently mention as lacking include access to affordable financing and capital, skilled labor and talent, technological infrastructure and IT support, marketing and advertising resources, and networking opportunities. Additionally, SMBs often express challenges in navigating complex regulations and compliance requirements, as well as difficulties in competing with larger businesses due to limited resources and economies of scale</SPAN></P> Wed, 17 May 2023 06:26:47 GMT https://community.isc2.org/t5/Security-for-SMBs/How-aware-are-local-SMBS-of-Resources-to-assist-them-with/m-p/59246#M32 Hannahchambers 2023-05-17T06:26:47Z