Explore a comprehensive approach to information security for organizations without dedicated InfoSec staff in this 24-minute conference talk from BSidesLV 2014. Learn about secondary responsibility syndrome, risk assessment for small businesses, legacy perimeter challenges, and effective security controls. Discover strategies for implementing technical controls, managing security risks, and fostering security awareness. Gain insights on how to sell security initiatives, create a blueprint for security measures, and address core information protection. Understand the importance of datacentric security and how to navigate common challenges such as password management and dealing with potential threats.