Steps to Cyber Security


Network Security

Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorized access and malicious content. Monitor and test security controls.


User Education & Awareness

Produce user security policies covering acceptable and secure use of your organization’s systems. Establish a staff training program. Maintain user awareness of the cyber risks.


Secure Configuration

Apply security patches and ensure that the secure configuration of all systems maintained. Create a system inventory and define a baseline build for all devices.


Managing User Privileges

Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.


Monitoring

Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.


Incident Management

Establish an incident response and disaster recover capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.


Home and Mobile Working

Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.


Malware Protection

Produce relevant policy and establish anti-malware defenses that are applicable and relevant to all business areas. Scan for malware across the organization.


Removable Media Controls

Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing on to the corporate system.


*Adopted from Communications-Electronics Security Group