The foundations of your cyber security strategy have already been outlined in Part 1 of our Guide. This second part deals with implementation. In concrete terms, this will involve questions like: What objectives do you need to set yourselves? What features characterise an effective cyber security strategy? And why is it worth seeking certification for your business’s internal ISMS (information security management system)? All of these issues and more are covered in this, the second section of our Cyber Security Guide.
“Cyber attacks on our company? You’re kidding – we’re of no interest to hackers. Why would they bother with us?” We hear phrases like this again and again. Unfortunately, however, they reflect a misunderstanding of the facts. This is because very often cyber criminals specifically target smaller businesses employing fewer than 1,000 people. Do you know why? Because such companies are the very ones that are not (yet) sufficiently aware of information security matters. This, in turn, means more opportunities for hackers to attack. What’s more, unprotected systems represent the ideal target for cyber criminals, as they are very easy to manipulate in such a way that they form part of a massive cluster of systems in conjunction with those of other organisations. Together, they can then be used to carry out a large-scale distributed attack.
These are the reasons why it’s vital that your business protects its information and sets meaningful cyber security goals. What, you might be wondering, will these involve? Allow us to put you on the right track. A clearly devised cyber security strategy will necessarily include the following four elements:
You’ve set your objectives, so let’s start with the details of executing them. An ISMS (information security management system) provides the framework for ensuring information security in your organisation. While there are, of course, a variety of guidelines in existence, we recommend to all our clients the ISO/IEC 27001 standard or the NIST Cyber Security Framework (CSF). There are all sorts of reasons why it makes sense to certify your internal ISMS. Elements common to all frameworks, however, include the following:
Once you have decided on a framework, there’s nothing to stop you implementing it successfully.
It’s worth mentioning one piece of advice up front: actively involve your directors or senior managers in your certification plans. Our experience shows, in fact, that a management system for information security only becomes effective if everyone in the business is on board. In addition, it’s also vital to think through the following issues and identify corresponding actions:
Not yet sure about the whole thing? If so, we’d be happy to help – and to show you the benefits certification can bring for you and your business, including:
You can find the complete list of all benefits in our Cyber Security Guide white paper. This also lists the final three points of our master plan for maximum cyber security. Have we convinced you? And are you keen to get started on implementing your strategy now? Then download our complete Cyber Security Guide right away and start developing or implementing your cyber security strategy without delay.
You can download your free-of-charge Cyber Security Guide here: