Establish or Adjust Policy
IT policies aligned to best practice are foundational to the security posture of an organisation. As business evolves, compliance changes, and the threat landscape shifts, policy adjustments are often necessary to maintain the expected level of protection of information and systems.
Promote Security Awareness
People are your best defence against cyber threats once educated and aware. Each organisation is different therefore awareness campaigns and training methods should be tailored to fit the culture and maturity of the business.
Implement Processes And Procedures
Processes and procedures should be documented and followed consistently to develop a robust security posture. Operational security has to reflect the company’s policies. All business as usual processes plus incident response and BCP/DR planning should be covered.
Technical controls that include conventional or more advanced defences need to be configured to reflect policy and ideally automate aspects of security operations in line with the company’s processes and procedures.
Audit/Monitor For Compliance
Security auditing should be conducted on a regular basis to identify weaknesses in human factors, operational processes or controls. Very often audit results indicate a need to continue the improvement cycle with a focus on policies, awareness, procedures and controls.