- CSRC Home
- Projects / Research
- news & events
Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
What do a business's invoices have in common with e-mail? If both are done on the same computer, the business owner may want to think more about computer security. Information-payroll records, proprietary information, client or employee data-is essential to a business's success. A computer failure or other system breach could cost a business anything from its reputation to damages and recovery costs. The small business owner who recognizes the threat of computer crime and takes steps to deter inappropriate activities is less likely to become a victim. The vulnerability of any one small business may not seem significant to many other than the owner and employees of that business. However, over 27 million U.S. businesses-over 99 percent of all U.S. businesses-are small and medium-size businesses (SMBs) of 500 employees or less. Therefore, a vulnerability common to a large percentage of all SMBs could pose a threat to the Nation's economic base. In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs frequently cannot justify an extensive security program or a full-time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs.
The difficulty for these businesses is to identify needed security mechanisms and training that are practical and cost-effective. Such businesses also need to become more educated in terms of security so that limited resources are well applied to meet the most obvious and serious threats. To address this need, NIST, the Small Business Administration (SBA), and the Federal Bureau of Investigation (FBI) entered into a co-sponsorship agreement for the purpose of conducting a series of training meetings on computer security for small businesses. The purpose of the meetings is to have individuals knowledgeable in computer security provide an overview of information security threats, vulnerabilities, and corresponding protective tools and techniques with a special emphasis on providing useful information that small business personnel can apply directly or use to task contractor personnel.