Establish a monitoring strategy and produce supporting policies.
Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.
Produce user security policies covering acceptable and secure
use of your systems. Include in staff training. Maintain
in staff training.
Protect your networks from attack. Defend the network perimeter, filter out unauthorised access and malicious content. Monitor
and test security controls.
Supply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
Establish an incident response and disaster recovery capability.
Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation.
Produce a policy to control all access to removable media.
Limit media types and use. Scan all media for malware before importing onto the corporate system.
Produce relevant policies and establish anti-malware
defences across your organisation.
Produce a policy to control all access to removable media.
Limit media types and use. Scan all media for malware before importing onto the corporate system.