The comprehensive guide to support SMEs in information security management
The protection of personal records and commercially sensitive information is critical for any business. Most SMEs underestimate their risk level for cyber-attacks. While SMEs are the majority of businesses in Europe and great drivers of innovation, they are too often unprepared when it comes to cope with cyber threats and attaks and their systems are often too vulnerable.
In the framework of the EU-funded actions for support to SMEs in standardisation by Small Business Standards (SBS), the European DIGITAL SME Alliance (DIGITAL SME) published an SME Guide for the implementation of ISO/IEC 27001 on information security management. ISO/IEC 27001 is the international standard for companies that need a robust approach to managing information security and building resilience. With its Guide, DIGITAL SME wants to help SMEs better understand ISO/IEC 27001 and assist them in its concrete implementation.
The SME Guide for the implementation of ISO/IEC 27001 was developed by information security experts appointed by recognised SME and cyber-security trade associations of various European countries. Mr Fabio Guasconi of the Italian association CLUSIT chaired a group of 12 experts from seven countries: "Most of the SMEs thinks that they are handling info not important enough to be considered worthy of stealing. By contrast, small and medium businesses are often integral part of more complex value chains and their weak IT security framework may bring great threat to larger eco-systems"
Based upon ISO/IEC 27001 content, the Guide describes a a wide array of practical activities that can significantly help with establishing or raising information security levels within an SME. Workshops and dedicated training sessions will be made available by SBS and DIGITAL SME throughout 2018 in order to present the Guide to SMEs and interested users.