In a nutshell, you can get yourself in tune with the risks and security issues that are relevant in your “neighborhood”. Governance is about being aware of your situation and in control of your business. But many managers think it implies mountains of paperwork and reporting. In reality, for small businesses, governance can be implemented by learning a few simple tactics that can save your life – without having a degree in security.Here are some of the simple ways that you can educate yourself and your staff about improving your business’s security: Information Security Blog
If you try to read every article about information security that is published every day, you literally would never get any real work done. Scanning the most recent news articles that are relevant to your industry (and perhaps those of your customers, suppliers and partners, if you have time) keeps you up to date on the major threats and solutions that people are talking about. Just knowing they exist is a good start, and lets you participate in conversations with your own team about how they affect your business.There are many communities that are continually coming into existence which you can take advantage of. But you have to be practical, and only join as many as you can handle, in terms of being able to scan and participate in them. Communities that have a high percentage of members who share your concerns about the issues in your own industry, and who speak in the management vocabulary or technical terms you can understand- In the past, security was relegated to the IT department of most organizations. This is still the case for many businesses, but there is a general recognition that the business unit management is ultimately responsible for managing risk. This means that security issues that occur at any level, whether technical, personnel, project, contractual or many other areas, ultimately require translation into terms that the business manager can understand. You can now find more articles and resources that recognize security as more of a business issue than a problem that requires technology to solve it.