Check list of security measures for SMEs

Check to verify the completeness of this article.

Risk Management and Security Policy

Risk management requires analysis of the security requirement for each asset (classification according to the feared impact), assesses the likelihood of threats for these assets and quantifies the ease with which the vulnerabilities of these assets can be exploited.

For very small businesses, this risk analysis is not easy to perform. As a result, this section provides a non-exhaustive list of potential threats and responses to reduce their impact.

If your organisation fears serious impacts, it is strongly recommended that you proceed with a risk management approach and that you define a security policy and a continuous improvement process. More advice can be found in the article “Protecting Your Business”.

Threats to infrastructure

Infrastructure includes all the essential assets and services on which the information system is based, such as the supply of power, communication or processing services. These services are therefore critical to the operation of the information system and exposed to certain threats (see “Threats to infrastructure”:

Threats to hardware

See the article “Threats to hardware”:

Threats to software

Software is the most commonly used user interface for manipulating information. This interface, which offers a finite but immense set of possibilities, is subject to multiple constraints and multiple threats jeopardising the operation of the organisation, the most acute being malware, which will be addressed in a specific chapter in this document. See “Threats to software”:

Special legal and regulatory provisions must be adhered to by organisations. These provisions involve, in particular, respect for privacy, copyright and the specific regulatory provisions of the industrial sector. See “Legal aspects”:

Threats to people

See the article “Threats to people”:

Handling malicious codes

Recommended security measures for countering malicious codes.