Post on 29-Dec-2015
Agenda
1. Aims: Reducing Cyber Risk
2. Information Risk Management
3. Secure Configuration
4. Network Security
5. Managing User Access
6. Education & Awareness
7. Incident Management
8. Malware Prevention
9. Monitoring
10. Removable Media
11. Mobile Working
12. Summary
Information Risk Management
• Adopt a framework
• Determine baseline level of risk for organisation
• Regularly discuss risk at board meetings
• Treat risk as a lifecycle
Secure Configuration
• Implement hardware / software asset register
• Baseline security builds for all network components
• Daily updates / patches
• Regularly scan for vulnerabilities
Managing User Access
• Limit admin accounts
• Monitor & audit users
• Establish account management process
Education & Awareness
• User security policy
• Staff security induction
• Refresher training on security threats
• Formal assessment of staff knowledge
Malware Prevention
• Anti virus throughout organisation
• Regular malware scans
• Regularly update anti virus