Managing SMB Cybersecurity Projects



By Yogi Schulz

Calgary, Alberta, Canada

Do you think cybersecurity is expensive and consumes too much staff time? Do you believe your organization is too small, low-profile and inconsequential to attract the attention of cyber attackers? Too many Small and Midsize Business (SMB) managers and owners believe these misperceptions and sweep the topic of cybersecurity under the carpet at their peril.

What risks are we accepting by ignoring cybersecurity?

Cyberattacks include phishing attacks, data breaches, ransomware, theft of company intellectual property, corporate espionage, and identity theft. The adverse impacts of successful cyberattacks include:

  • Reputational damage among customers and suppliers leading to loss of business.
  • Financial losses due to the cost of repairing the computing infrastructure’s damage and recreating data.
  • Fines payable to regulators for violating the General Data Protection Regulation (GDPR) or similar regulations.
  • Market share losses when theft of intellectual property creates competitors.
  • Loss of revenue due to operational disruption.

Taken together, these likely impacts create a risk of bankruptcy.

Project managers too often fear cybersecurity projects because they feel daunting and technically complex. This article shows how a project that implements a subset of the CIS Critical Security Controls® (CIS Controls®) raises your SMB cybersecurity defences with low risk and excellent cost-effectiveness.

What is CIS?

The Center for Internet Security (CIS) is a non-profit organization founded in 2000. Its mission is to develop, promote and sustain best practices in cybersecurity to enable the Internet as a trusted environment. The members include government agencies, corporations and academic institutions. These members developed the CIS Controls® for computing environments by collaborating with experts in various disciplines, including security analysts, auditors, executives and policymakers.

Basing your SMB cybersecurity project on the CIS best practices, rather than developing your own practices, reduces project cost, risk and elapsed time.

What value do the CIS controls create?

The CIS community asserts that implementing the CIS controls:

  • Prevents the vast majority of cyberattacks.
  • Assures organizations that cybersecurity defences are comprehensive.
  • Provides a framework for automating and managing cybersecurity defences well into the future.

Using the CIS controls framework to scope your SMB cybersecurity project provides the following project benefits:


To read entire article, click here

How to cite this article: Schulz, Y. (2024). Managing SMB Cybersecurity Projects, PM World Journal, Vol. XIII, Issue II, February. Available online at https://pmworldlibrary.net/wp-content/uploads/2024/02/pmwj138-Feb2024-Schulz-managing-smb-cybersecurity-projects.pdf

About the Author

Yogi Schulz

Calgary, Alberta, Canada


Yogi Schulz has over 40 years of Information Technology experience in various industries. Yogi works extensively in the petroleum industry to select and implement financial, production revenue accounting, land & contracts and geotechnical systems. He manages projects that arise from changes in business requirements, from the need to leverage technology opportunities and from mergers. His specialties include IT strategy, web strategy and systems project management.

Mr. Schulz regularly speaks to industry groups and writes a regular column for IT World Canada and for Engineering.com. He has written for Microsoft.com and the Calgary Herald. His writing focuses on project management and IT developments of interest to management. Mr. Schulz served as a member of the Board of Directors of the PPDM Association for twenty years until 2015. Learn more at https://www.corvelle.com/. He can be contacted at yogischulz@corvelle.com.

His new book, co-authored by Jocelyn Schulz Lapointe, is “A Project Sponsor’s Warp-Speed Guide: Improving Project Performance.”