The National Association of State Chief Information Officers has released a report identifying those areas of IT security considered so essential that they should more properly be termed ‘critical’. Although the intent of the report is to identify these areas for the benefit of various levels of government in the United States, the information is also of great use to small and medium sized businesses looking to improve their provision of inform
Most small businesses will have limited experience and expertise with many of the areas identified, but this challenge can be quickly overcome through the use of IT consulting services. Businesses, for example, may wish to have IT consulting staff on hand to assist them as they create new policies for information security or update their existing procedures and standards in this regard. The report is particularly useful because it was written with budgetary constraints in mind, something that most businesses are keenly aware of as they seek to improve their utilization of IT services.
IT consulting firms can also offer guidance as firms seek information about identifying valid and appropriate performance indicators that can help them measure their own IT security progress over time. With the help of consultants, a system can be developed to track and measure this progress so that management and business owners can be assured that their investment in additional IT security is paying off in terms of real world results.