Total Pageviews

Sunday, 20 October 2013

Cyber Risk Management: A Business Essential


Key information is an asset for every organization's growth. Protection of key information is of key importance for the sustainability and competitiveness of business today.  

Cyber Security provides a lot of benefits for an organization. It includes:
1) Strategic Benefits: Corporate decision making is improved through the high visibility of risk exposure, both for individual activities and major projects, across the whole of the organization. 
2) Financial Benefits: Financial benefits to the organization through the reduction of losses and improved "value for money" potential. 
3) Operational Benefits: Organizations are prepared for most eventualities, being assured of adequate contingency plans.

There are a lot of cyber risks which has to be taken into account while we are running an organization. Let us consider some of them.

(1) Information Risk Management
     a) Enable and support risk management across the whole organization. 
     b) Determine the level of risk the organisation is prepared to tolerate and                            communicate it.
     c) Maintain the board's engagement with cyber risk.
     d) Produce supporting risk management policies.
     
(2) Secure Configuration
     a) Develop corporate policies to update and patch systems.
     b) Create a baseline security build for work stations, servers, firewalls and routers.
     c) Conduct regular vulnerability scans.  

(3) Network Security
     a) Establish a multi-layered boundary defences with firewalls and proxies deployed                between the untrusted external network and the trusted internal network.
     b) Protect the internal network.
     c) Use intrusion monitoring tools and systems, regularly audit activity logs. 
     d) Test the security controls.

(4) Managing user privileges
    a) Establish effective account management processes. 
    b) Limit the number and use of privileged accounts. 
    c) Monitor all users. 

(5) User education and awareness
    a) Produce a user security policy.
    b) Establish a staff induction process where new users are given enough training about           current security threats, its solutions etc. 
   
6) Incident management
    a) Obtain senior management approval and backing. 
    b) Establish an incident response and disaster recovery. 
    c) Provide specialist training for the incident response team. 

7) Malware Prevention
   a) Develop and publish corporate policies
   b) Establish anti malware defences across the organisation. 
   c) Scan for malware across the organisation for threats identification and removal. 

8) Monitoring
   a) Establish a monitoring strategy and supporting policies.
   b) Monitor network traffic.

9) Removable media controls
   a) Produce a corporate policy for the use of removable media, for example limiting the        use of removable media etc. 
    b) Scan for threats in removable media

10) Home and mobile working
   a) Assess the risks and create a mobile working policy. 
   b) Educate the users and maintain their awareness
   c) Apply the secure baseline build. 

The above information have been posted based on a request. I hope this will help. If you need more information please feel free to e-mail me or comment below. 

No comments:

Post a Comment

If anyone has any other questions or requests for future posts,how to posts, you can ask me in comments or email me. Please don't feel shy at all!

I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know. I would love to hear your thoughts! Be sure to check back again. I would certainly reply to your comments :)