To assist organisations in managing their cyber security risks, this article identifies 10 components that must be considered. As of November 2021, it has been updated by the NCIS and is targeted at security professionals and technical staff in medium to large organisations. The ways in which we’re using technology, and the risks we now face online, make these steps highly relevant in today’s technological environment.
Changes in the external environment, such as the rise of cloud-based services and the shift to mobile and home working, are not the only factor affecting productivity. The nature of the threats facing organisations has also changed: threats such as ransomware affect any organisation, regardless of its size or type.
We have further evolved our understanding of how technology and people change as we improve systems, processes, and skills to keep organisations safe.
Summary of the 10 Steps:
- Risk Management: take a risk-based approach to securing your data and systems.
- Engagement and Training: collaboratively build security that works for people in your organisation.
- Asset Management: know what data and systems you have, and what business need they support.
- Architecture and Configuration: design, build, maintain and manage systems securely.
- Vulnerability Management: keep your systems protected throughout their life cycle.
- Identity and Access Management: control who and what can access your systems and data.
- Data Security: protect data where it is vulnerable.
- Logging and Monitoring: design your systems to be able to detect and investigate incidents.
- Incident Management: plan your response to cyber incidents in advance.
- Supply Chain Security: collaborate with your suppliers and partners.
UK Cyber Security Experts
If you would like more information on how we can help you strategise, plan and implement your cyber security program, get in touch for a no-obligation discussion with our team.