SMB Security Risk Management Guide

This document provides a checklist of questions for companies to consider regarding their information security preparedness. It addresses endpoints/servers, personnel security, physical security, network security, and asset security. For each category, it lists several questions about security measures and policies in place, such as whether antivirus software is used, credentials are strong, personnel are trained, physical locations are secure, firewalls are implemented, and devices are patched and accounted for. The checklist is intended to be used by companies to examine their security risks and ensure all relevant questions are considered.

Uploaded by

net13ops

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

20 views2 pages

SMB Security Risk Management Guide

Uploaded by

net13ops

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

Information Security Preparedness

Checklist
You should always use your own risk assessment capabilities to examine the
security risks in your environment. During this course, you made a quick list of the
risks your company and industry face. As a further resource, here are some
questions to keep you going. You can treat this like a checklist, and make sure that
each question has been considered (if it is relevant to your company).

Endpoints/Servers:
● Do you have antivirus software?
● Is it centrally managed?
● Do the infections get automatically quarantined or are there
breakthroughs? (Consider better AV or behavior-based endpoint detection
and response [EDR]).
● Are all your default credentials changed?
● Are all your credentials strong and mandated to be strong?
● Are your end user credentials rotated at least annually?

Personnel Security:
● Have you trained your personnel?
● Do you test your personnel on that training?
● Do your people know what to do in the event of an information security
incident?
● Do you know who the common targets are—those who get phishing
attacks or malware the most?
● What if you train them and they continue to click bad links or reply to bad
emails? (You need a policy with teeth.)

Security Risk Management in a Small to Medium Business Environment

Information Security Preparedness
Checklist
Physical Security:
● How secure is your computing equipment physically from:
○ Theft?
○ Fire?
○ Flood?
○ Electrical outage (Short or long term)?
● How secure is your physical office location (if you still have one) from
theft, fires, floods, or electrical outages?
● How secure is your data center from unauthorized access? Do you have
cameras? Do you have multi-factor authentication on the door?
● Have you had a physical security penetration test?
● Do you train your employees on physical security?
● Does your worksite have safety issues? Is there a risk of further safety
issues?

Network Security (LAN/WAN):

● Do you have firewalls?
● Do you have lists of public vs private addresses?
● Do you audit that list regularly for changes?
● What is public? Is it secure? Has it been pen-tested?
● Do you check the access of your endpoints/public sites against known bad
actors?
● Do you monitor and control egress traffic (categorical blocking, allow/deny
lists, etc.)?
● Do you monitor and control ingress traffic (known bad actors, entire
geolocations, etc.)?

Asset Security (Devices):

● What devices do you have? (Look at purchase orders to get a source of
truth.)
● How many of each type?
● Who has them? (Cloud, office, someone’s home?)
● Who is supposed to have them? (Usually when conducting this audit,
you’ll find at least one item that is not where it’s supposed to be.)
● Have old devices been returned?
● Have old devices been securely destroyed? Is this necessary?
● Are your devices getting patches?
● Do your devices have vulnerabilities?

Security Risk Management in a Small to Medium Business Environment

Paper4 Cybersecurity Small Business
No ratings yet
Paper4 Cybersecurity Small Business
4 pages
Cybersecurity Check List. WorkSmart
No ratings yet
Cybersecurity Check List. WorkSmart
1 page
A Vendor Risk Management Questionnaire Template 1655110077
No ratings yet
A Vendor Risk Management Questionnaire Template 1655110077
4 pages
IT Risk Assessment Checklist
100% (5)
IT Risk Assessment Checklist
10 pages
IT Audit Checklist PDF
No ratings yet
IT Audit Checklist PDF
3 pages
Cybersecurity Full PDF
No ratings yet
Cybersecurity Full PDF
10 pages
Risks in Computing
No ratings yet
Risks in Computing
6 pages
Q.What Is Cyber Disaster Planning? Discuss The Guidelines For Cyber Disaster Planning
No ratings yet
Q.What Is Cyber Disaster Planning? Discuss The Guidelines For Cyber Disaster Planning
16 pages
Ad 5 Case Study
100% (1)
Ad 5 Case Study
11 pages
Small Biz Sunday Cybersecurity For The Small Business
No ratings yet
Small Biz Sunday Cybersecurity For The Small Business
16 pages
An IT Security Manager's Checklist
0% (1)
An IT Security Manager's Checklist
4 pages
Unit42 Cybersecurity Checklist 57 Tips
No ratings yet
Unit42 Cybersecurity Checklist 57 Tips
6 pages
Computer Security Audit Checklist
No ratings yet
Computer Security Audit Checklist
5 pages
Vendor Security Checklist
No ratings yet
Vendor Security Checklist
7 pages
Network Security Checklist: General Security Planning Tips
No ratings yet
Network Security Checklist: General Security Planning Tips
2 pages
Cybersecurity Checklist PDF
No ratings yet
Cybersecurity Checklist PDF
11 pages
Breathe 10 Step Cyber Security Checklist
No ratings yet
Breathe 10 Step Cyber Security Checklist
6 pages
Ict SCRM Task Force SMB Operationalizing Vendor Template Excel 508
No ratings yet
Ict SCRM Task Force SMB Operationalizing Vendor Template Excel 508
27 pages
Ca Inter FM List of Important Concepts & List of Important Questions
No ratings yet
Ca Inter FM List of Important Concepts & List of Important Questions
5 pages
(Ebook PDF) Effective Cybersecurity: A Guide To Using Best Practices and Standardspdf Download
100% (3)
(Ebook PDF) Effective Cybersecurity: A Guide To Using Best Practices and Standardspdf Download
49 pages
Astm D7234-12 (Adhesion Strength of Coatings On Concrete)
No ratings yet
Astm D7234-12 (Adhesion Strength of Coatings On Concrete)
9 pages
Building A Cybersecurity Strategy From Scratch: The Complete Guide To
100% (1)
Building A Cybersecurity Strategy From Scratch: The Complete Guide To
15 pages
Risk Assesment
No ratings yet
Risk Assesment
10 pages
Checklist For Client
No ratings yet
Checklist For Client
7 pages
Lecture 6 Network Security
No ratings yet
Lecture 6 Network Security
6 pages
Cybersecurity Checklist
No ratings yet
Cybersecurity Checklist
11 pages
Unit 3.2
No ratings yet
Unit 3.2
15 pages
Cyber Security Risk Assessment Checklist
No ratings yet
Cyber Security Risk Assessment Checklist
11 pages
RRU5903 (850Mhz) - Technical Specifications
No ratings yet
RRU5903 (850Mhz) - Technical Specifications
8 pages
Small Firm Cybersecurity Guide
No ratings yet
Small Firm Cybersecurity Guide
28 pages
Practical Security Cheatsheet
No ratings yet
Practical Security Cheatsheet
2 pages
Katalog GALA - Gate Valve OSNY
No ratings yet
Katalog GALA - Gate Valve OSNY
1 page
Risk Assessment For Computer System Validation
90% (10)
Risk Assessment For Computer System Validation
40 pages
Information Security Measures
No ratings yet
Information Security Measures
17 pages
SIA Cybersecurity Advisory Board Recommendations
No ratings yet
SIA Cybersecurity Advisory Board Recommendations
3 pages
Itauditing Guidequestions
No ratings yet
Itauditing Guidequestions
6 pages
BJT AC Analysis for Electronics Students
100% (1)
BJT AC Analysis for Electronics Students
9 pages
(PDF) - Cybersecurity Questionnaire
No ratings yet
(PDF) - Cybersecurity Questionnaire
20 pages
Cnss Model
No ratings yet
Cnss Model
23 pages
Vendor Application Security Risk Assessment
100% (1)
Vendor Application Security Risk Assessment
7 pages
18 Information Security Checklist
No ratings yet
18 Information Security Checklist
7 pages
Cybersecurity Checklist: 8 4 4 - 4 4 - J M A R K
No ratings yet
Cybersecurity Checklist: 8 4 4 - 4 4 - J M A R K
10 pages
Cybersecurity For Small Business: The Fundamentals
No ratings yet
Cybersecurity For Small Business: The Fundamentals
48 pages
Dr. Naheed Zamani Clinic Lahore - Top Doctors, Fees, Contact Number
No ratings yet
Dr. Naheed Zamani Clinic Lahore - Top Doctors, Fees, Contact Number
1 page
Proj
No ratings yet
Proj
200 pages
Cybersecurity Best Practices Guide
No ratings yet
Cybersecurity Best Practices Guide
6 pages
ICT380 - Workshop 8
No ratings yet
ICT380 - Workshop 8
8 pages
HRM: Job Analysis Essentials
100% (1)
HRM: Job Analysis Essentials
11 pages
Reading Unit 4
No ratings yet
Reading Unit 4
3 pages
6 Step Cyber Security Starter Guide For SMBs
No ratings yet
6 Step Cyber Security Starter Guide For SMBs
17 pages
Hammad Ahmad
No ratings yet
Hammad Ahmad
18 pages
JD - Commissioning Supervisor
No ratings yet
JD - Commissioning Supervisor
2 pages
DDO26B1101
No ratings yet
DDO26B1101
6 pages
IR-ADV C3530 C3525 C3520 III Series Partscatalog E EUR
No ratings yet
IR-ADV C3530 C3525 C3520 III Series Partscatalog E EUR
138 pages
IT Security Audit Essentials
No ratings yet
IT Security Audit Essentials
4 pages
Cybersecurity Controls Checklist
No ratings yet
Cybersecurity Controls Checklist
12 pages
Counter Rust 7010 TDS
No ratings yet
Counter Rust 7010 TDS
2 pages
Cyber Security Checklist PDF
No ratings yet
Cyber Security Checklist PDF
10 pages
The Significance of IT Security Management & Risk Assessment
100% (1)
The Significance of IT Security Management & Risk Assessment
30 pages
IT Security Audit Steps
No ratings yet
IT Security Audit Steps
5 pages
CAT DP40 Electric Equipment Parts
No ratings yet
CAT DP40 Electric Equipment Parts
6 pages
An Introduction To Hadoop
No ratings yet
An Introduction To Hadoop
12 pages
Essential Eight Cybersecurity Guide
No ratings yet
Essential Eight Cybersecurity Guide
68 pages
Bearing Wholesalers Product Guide 2023
No ratings yet
Bearing Wholesalers Product Guide 2023
17 pages
Corporate Banking Analysis Guide
No ratings yet
Corporate Banking Analysis Guide
38 pages
Cont : Chapter One
No ratings yet
Cont : Chapter One
21 pages
Bluetooth Headset User Guide
No ratings yet
Bluetooth Headset User Guide
17 pages
KSP Response To LINK Nky Records Request
No ratings yet
KSP Response To LINK Nky Records Request
2 pages
Information Security and Analysis Labda4: NIST Report For VIT
No ratings yet
Information Security and Analysis Labda4: NIST Report For VIT
11 pages
RCZ - C5FG014DP0 - Removing - Refitting - Central Console
No ratings yet
RCZ - C5FG014DP0 - Removing - Refitting - Central Console
6 pages
Computer Security Audit Checklist
No ratings yet
Computer Security Audit Checklist
6 pages
2024.05.08 Poki Playtest Privacy Statement
No ratings yet
2024.05.08 Poki Playtest Privacy Statement
3 pages
Pringles Marketing Analysis
100% (2)
Pringles Marketing Analysis
24 pages
RCZ - B3EB010PP0 - Tightening Torques - Steering
No ratings yet
RCZ - B3EB010PP0 - Tightening Torques - Steering
2 pages
)
No ratings yet
)
2 pages
RCZ - C5FG010NP0 - Removing - Refitting - Sunshine Sensor
No ratings yet
RCZ - C5FG010NP0 - Removing - Refitting - Sunshine Sensor
2 pages
DeLonghi Eletta Explore - Manual - ECAM45055G-231470
No ratings yet
DeLonghi Eletta Explore - Manual - ECAM45055G-231470
32 pages
RCZ - B3ED010RP0 - Check - Power Steering Pressure
No ratings yet
RCZ - B3ED010RP0 - Check - Power Steering Pressure
3 pages
RCZ - B3EB010QP0 - Identification - Data - Electric Power Steering (Mechanical)
No ratings yet
RCZ - B3EB010QP0 - Identification - Data - Electric Power Steering (Mechanical)
3 pages
Hawkes & Webb 1962 Review
No ratings yet
Hawkes & Webb 1962 Review
2 pages
RCZ - C5GM0104P0 - Repair - Seat Trim (Leather)
No ratings yet
RCZ - C5GM0104P0 - Repair - Seat Trim (Leather)
5 pages
RCZ - C5GM0103P0 - Repair - Seat Trim
No ratings yet
RCZ - C5GM0103P0 - Repair - Seat Trim
5 pages
2004 Chrysler Crossfire - Build Sheet - 1C3APE9L64X011323
No ratings yet
2004 Chrysler Crossfire - Build Sheet - 1C3APE9L64X011323
5 pages
RCZ - B3EF0105P0 - Adjustment - Thrust Pad
No ratings yet
RCZ - B3EF0105P0 - Adjustment - Thrust Pad
4 pages
Crossfire Specialist Student Reference Book - 1
No ratings yet
Crossfire Specialist Student Reference Book - 1
244 pages
White Paper Cyber Attack Survival
No ratings yet
White Paper Cyber Attack Survival
15 pages
Information Security: For Small Business
No ratings yet
Information Security: For Small Business
58 pages
Master Study & Visa Guide Germany
100% (1)
Master Study & Visa Guide Germany
6 pages
Cybersecurity Essentials for SMBs
No ratings yet
Cybersecurity Essentials for SMBs
48 pages
Small Firm Plan
No ratings yet
Small Firm Plan
68 pages
Affidavit for Name Discrepancy Correction
No ratings yet
Affidavit for Name Discrepancy Correction
5 pages
RPMS Nornynel
No ratings yet
RPMS Nornynel
116 pages
Bro vd10 20140115
No ratings yet
Bro vd10 20140115
2 pages
IPE 341 Chip Formation Mechanism
100% (1)
IPE 341 Chip Formation Mechanism
22 pages
Designz Tweet Book
No ratings yet
Designz Tweet Book
117 pages
Texas Scorecard Mail - Re - ARIF Results - Rolando Ortiz Redacted
No ratings yet
Texas Scorecard Mail - Re - ARIF Results - Rolando Ortiz Redacted
8 pages
Heatless Regenerative Dessicant Dryers
No ratings yet
Heatless Regenerative Dessicant Dryers
20 pages
Bru Cyber Security Checklist
No ratings yet
Bru Cyber Security Checklist
12 pages
Taran Et Al. 2015 PDF
No ratings yet
Taran Et Al. 2015 PDF
31 pages