Information is one of the most valuable assets of any organization, public or private, and the protection of that information is critical. Information security is the protection of information from a wide range of threats and vulnerabilities to ensure business continuity.
The vulnerability of any one small business may not seem significant to many other than the owner and employees. However, 95 percent of all US businesses are small and medium-sized businesses (SMBs), of 500 employees or less. Therefore a vulnerability common to a large percentage of all SMBs could pose a threat to the Nation's economic base. In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs cannot always justify an extensive security program, or often a single full time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs.
The difficulty for these organizations is to identify needed/cost-effective security mechanisms and obtain training that is practical and cost effective. Such organizations also need to become more educated consumers in terms of security, so that their limited security resources are well applied to meet the most obvious and serious threats.