Just like medical hygiene, ‘cyber hygiene’ consists of taking precautions in advance to eliminate or reduce information risk rather than merely reacting to fix problems as they arise. This requires accurate knowledge of your assets, their vulnerabilities and the threats to which they are exposed.
Most importantly, though, it relies on consistent expectations and goals in relation to risk at all levels of the organisation so that everyone, whatever part they have to play, is ‘singing from the same song sheet’.
Keys to achieving this include
These are the fundamentals of a robust information risk governance framework that provides both strategic coordination and continuous tactical oversight of the way information risk is managed, from business exposure to technical countermeasures, across the entire organisation. It improves assurance of RoI, reduces the likelihood and impact of incidents and smooths the path to business growth.