Cyber Risk Management

You are reading this so you realise there are risks

Secure Configuration

Most systems will need updating once purchased, as they would have spent time ‘on the shelf’, prior to use. Then once in service they will need constant updating, sometimes called ‘patching’. Do you know what needs updating, what settings need changing, is the admin password still the default (e.g. ADMIN)

Manage User Privileges

The principle of ‘Least Privilege’, what accesses do people require to do their job? Are you aware there are different access levels

User Education and Awareness

Security is everybody’s responsibility, increase awareness, provide training and establish a security conscious culture

Incident Management

All organisations WILL experience security incidents at some point. Can you list the most common types of attack and describe your reaction to these attacks

Malware Prevention         

Malware typically involves somebody else putting bad things on your system. Develop and implement anti-malware policies and procedures, such as anti-virus, as part of an overall ‘defence in depth’ approach

Monitoring

Virtually all systems have monitoring elements built in, but they are useless as a preventative solution unless somebody is looking at them. Monitoring is often a key capability needed to comply with legal or regulatory requirement, such as the Data Protection Act.

Removable Media

Removable media, such as USB pen drives, provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use

Home and Mobile Working

Train users on the secure use of their mobile devices in the environments they are likely to be working in