“Be Prepared!”

Just like medical hygiene, ‘cyber hygiene’ consists of taking precautions in advance to eliminate or reduce information risk rather than merely reacting to fix problems as they arise. This requires accurate knowledge of your assets, their vulnerabilities and the threats to which they are exposed.

Most importantly though, it relies on consistent expectations and goals in relation to risk at all levels of the organisation so that everyone, whatever part they have to play, is ‘singing from the same song sheet’.

Keys to achieving this include

a clearly understood common purpose from Boardroom to basement
accurate knowledge of your business environment and goals
realistic appreciation of your corporate risk appetite
business-oriented top down management of risk
universally applied risk standards, criteria and processes
a ‘mission command’ culture of distributed responsibilities and authority
excellent communication - up, down and sideways

These are the fundamentals of a robust information risk governance framework that provides both strategic coordination and continuous tactical oversight of the way information risk is managed, from business exposure to technical countermeasures, across the entire organisation. It improves assurance of RoI, reduces the likelihood and impact of incidents and smoothes the path to business growth.

All content (excluding quotations) and presentation © 2001-2024 Michael Barwise or © 2007-2024 Sapientior Ltd
Integrated InfoSec is a service and trade mark of Sapientior Ltd Registered in England & Wales, Company Number 6214497