Advice for Larger Organisations
Board Toolkit
Good cyber security protects an organisation's ability to function, and ensures organisations can exploit the opportunities that technology brings. Cyber security is therefore central to an organisation’s health and resilience, and this places it firmly within the responsibility of the Board.
The Board Toolkit has been created to encourage essential discussions about cyber security to take place between the Board and their technical experts.
Board members don’t need to be technical experts, but they need to know enough about cyber security to be able to have a fluent conversation with their experts, and understand the right questions to ask.
The Board Toolkit therefore provides:
1. A general introduction to cyber security.
2. Separate sections, each dealing with an important aspect of cyber security. For each aspect, we will:
- explain what it is, and why it’s important
- recommend what individual Board members should be doing
- recommend what the Board should be ensuring your organisation is doing
- provide questions and answers which you can use to start crucial discussions with your cyber security experts
3. An Appendix summarising the legal and regulatory aspects of cyber security.
The guidance within the 10 Steps to Cyber Security is comprehensive and will take time to implement, but will achieve the greatest degree of security for your organisation. The first step in implementation would normally be to establish a baseline of where your organisation is, before conducting a gap analysis between the baseline and what you would like to achieve. This process should become a cycle of steady improvement and review.
Risk Management
Taking risks is a natural part of doing business. Risk management informs decisions so that the right balance of threats and opportunities can be achieved to best deliver your business objectives. Risk management in the cyber security domain helps ensure that the technology, systems and information in your organisation are protected in the most appropriate way, and that resources are focussed on the things that matter most to your business. A good risk management approach will be embedded throughout your organisation and complement the way you manage other business risks.
Engagement and Training
Asset Management
Architecture and Configuration
Vulnerability Management
Identity and Access Management
Data Security
Logging and Monitoring
Incident Management
Supply Chain Security
Most organisations rely upon suppliers to deliver products, systems, and services. An attack on your suppliers can be just as damaging to you as one that directly targets your own organisation. Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it. The first step is to understand your supply chain, including commodity suppliers such as cloud service providers and those suppliers you hold a bespoke contract with. Exercising influence where you can, and encouraging continuous improvement, will help improve security across your supply chain.