Small-site Information Security on a (very loose) shoestring a case study

This paper will describe one such smaller company and the state I found it in when I joined it. This will be followed by a review of corrective actions (and their limitations) that significantly enhanced the overall security posture. This was accomplished while working with management attitudes that did not generally hold information security at a high value in the day-to-day activities of the company. Corrective work was done over a period of about a year, by the end of which many improvements had been realized. More importantly, the management team at this site was much better educated in the value of information security and had become willing to invest some limited resources in security activities.

Tags:

Read the complete paper at SANS