…keeping busy executives safer in cyber space…

10 Steps To Cyber Security

Stay safe online with 10 simple steps.

Credible guidance and advice videos helping you to keep yourself safer in cyber space

[Source: www.ncsc.gov.uk]

10 Steps to Cyber Security

Executive Summary

This guidance is designed by the NCSC for organisations that understand the need to protect themselves in cyberspace.

1. Risk Management Regime

Organisations rely on technology, systems and information to support their business goals. It is important that organisations apply a similar level of rigour to assessing the risks to their technology, systems and information assets as they would to other risks that might have a material business impact, such as regulatory, financial or operational risks. This can be achieved by embedding an appropriate risk management regime across the organisation, which is actively supported by the board, senior managers and an empowered governance structure.

2. Secure Configuration

Having an approach to identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. You should develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching. Failure to do so is likely to result in increased risk of compromise of systems and information.

3. Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding (or causing harm to your organisation).

4. Managing User Privileges

If users are provided with unnecessary system privileges or data access rights, then the impact of misuse or compromise of that user's account will be more severe than it need be. All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed. This principle is sometimes referred to as ‘least privilege’.

5. User Education and Awareness

Users have a critical role to play in their organisation’s security, so it's important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6. Incident Management

All organisations will experience security incidents at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware Prevention

Malicious software, or malware, is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. Any exchange of information carries with it a degree of risk that malware might be exchanged, which could seriously impact your systems and services. The risk may be reduced by implementing appropriate security controls as part of an overall 'defence in depth' approach.

8. Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential in order to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.

9. Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10. Home and Mobile Working

Mobile working and remote system access offer great business benefits but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

Copyright © Lockcode Limited 2018

Registered in England 2004

Company No. 05078345