togoCIO Announces Release of White Paper 30 Steps To A Secure Organization: An Easy-To-Follow Guide to Information Security Management

30 Steps to a Secure Organization is an easy-to-use guide, designed to help small businesses assess their information security posture. The guide includes specific guidance about resolving issues, with numerous links to helpful resources.

togoCIO, an information security and risk management advisory company, today announced the release of its new White Paper, "30 Steps to a Secure Organization: A No Nonsense Approach to Objectively Evaluating Your Information Security Readiness." This white paper is intended to show small and medium businesses (SMBs) how to properly evaluate their information security posture, and to remediate any deficiencies.

"Most white papers are focused on selling services," according to Robert C. Covington, President of togoCIO, and author of the document. "We intended this document to be a practical guide to the small and medium business world. With this guide, a corporate executive should be able to evaluate his/her company's information security, and know what changes are needed."

"The last year has seen a dramatic increase in successful security breaches, many of them involving well known enterprises such as Anthem, Target, and Sony," said Covington. "Our concern is that for every major breach in the news, there may be hundreds or thousands of successful attacks on SMBs that we never hear about."

While enterprises usually have IT staff members focused on information security, most SMBs have no such staff, and often no IT staff at all. At the same time, SMBs suffer disproportionately from an economic perspective as a result of security breaches, at an estimated $1,513 per capita versus $517 for a larger enterprise, according to a 2014 study by the Ponemon Institute. "This document is intended to help the disadvantage of not having access to security expertise on staff," said Covington.

30 Steps to a Secure Organization is organized by functional area, based on togoCIO's proprietary scorecard, which was developed over many years of practice. The areas include:

  • Security policy
  • Employee awareness
  • Credential management
  • Server security
  • Workstation security
  • Network security
  • Wireless security
  • Physical security
  • Risk management

Each area is broken down into specific evaluation points, with practical advice about how to properly review each point, and suggestions for remediation. Numerous links to helpful third party resources, many available at no cost, are provided to help in the remediation process. The document and scorecard are consistent with the requirements of the major compliance standards, including SOX, PCI, and HIPAA.

togoCIO's scorecard was developed specifically to allow an SMB's information security posture to be quickly and accurately evaluated. It has subsequently been tested against a number of organizations, receiving very positive reviews. "From a non-IT person with a little bit of knowledge, I found it to be very thorough and comprehensible," said Frank Vann, COO of Fellowship of Companies for Christ, International, after his organization was evaluated against the scorecard. "It helped me become more knowledgeable and have a better understanding of issues and risks I had not previously considered."

togoCIO is making this white paper available to anyone interested without charge. The company intends to update the document regularly as changes in threats and best practices warrant. The document can be obtained from togoCIO's website, using the following address:!wp4/c23n6

"We can't solve all of the major cyber security issues threatening the country," said Covington, "but if this document will help some SMBs to be more secure, it will be well worth our effort."

About togoCIO:

togoCIO, based in the Northern suburbs of Atlanta, GA, provides information security and risk management services to small and medium businesses and organizations. Available services include information security evaluation and remediation, fractional CIO/CISO services, user security training, and security policy development.

For more information, contact:

Robert C. Covington


Robert Covington
+1 678-341-3630