Key strategies for good cyber security and making them work

Establish a security programme with 10 elements:

1. Leadership – appoint an information security manager with proven knowledge (i.e. someone with an industry certification such as ISC² CISSP and suitable experience
2. Risk assessments - the security programme will utilise risk assessments to understand what the risks are and how the risks can be mitigated.
3. Policies - a good set of information security policies is vital to ensure everyone knows what is required. The policies should set out what the management team are hoping to achieve and describe user responsibilities in a clear and concise format.
4. Deploy appropriate security controls– large organisations should implement a wide range of security systems. As a baseline it should include an information asset register, firewalls, single sign on, multi-factor authentication, endpoint protection and other controls as per risk assessments
5. Train staff – Regular security awareness training for staff is important for reducing the impact of cyber-attacks.
6. Perform regular vulnerability assessments – Undertake regular testing of systems to identify potential software vulnerabilities.
7. Audit security controls and processes – security controls and security processes are regularly checked to ensure they are effective and compliant with the agreed policies.
8. Regular backups – Ensure backups are working because if required, it’s vital the data can be quickly reinstated.
9. Incident Response and Business Continuity Plans - Having tried and tested incident response plans and business continuity plans are vital to ensure a quick and effective response
10. Manage change effectively – you may have a stable environment but change is inevitable to every organisation and managing it is crucial.

The success of any programme is heavily dependent on its implementation. Utilising ISO 27001 is a great framework and one of the best to get all stakeholders onboard.