Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorized access and malicious content. Monitor and test security controls.
Produce user security policies covering acceptable and secure use of your organization’s systems. Establish a staff training program. Maintain user awareness of the cyber risks.
Apply security patches and ensure that the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.
Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.
Produce relevant policy and establish anti-malware defenses that are applicable and relevant to all business areas. Scan for malware across the organization.
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.