Small Business Information Security: the Fundamentals

Kissel, Richard; Moon, Hyunjeong

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST IR 7621 Rev. 1 (Initial Public Draft)

Further development of this draft has ceased (November 03, 2016).

Small Business Information Security: the Fundamentals

Documentation Topics

Date Published: December 2014
Comments Due: February 9, 2015 (public comment period is CLOSED)
Email Questions to: smallbizsecurity@nist.gov

Author(s)

Richard Kissel (NIST), Hyunjeong Moon (NIST)

Announcement

NIST, as a partner with the Small Business Administration and the Federal Bureau of Investigation in an information security awareness outreach to the small business community, developed this NISTIR as a reference guideline for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.

Abstract

Keywords

small business information security; cybersecurity fundamentals

Control Families

Access Control; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; System and Services Acquisition; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Draft NISTIR 7621 Rev. 1 (pdf)

Supplemental Material:
None available

Document History:
12/16/14: IR 7621 Rev. 1 (Draft)

Topics

Security and Privacy

awareness training & education, planning

Applications

small & medium business