Keep Information Security Services

The simple fact in cyber and information security is that there is NO single right or wrong way to go about things. Yes, there are frameworks, standards and guidance, which are good practice, BUT the right way for YOUR organisation may be totally different from that of another organisation. Yes, you may have the same goal of strong security, but what does that ultimately mean?

It means putting controls, policies, procedures, monitoring, testing and refinement AND possibly shiny boxes in place that are relevant to YOUR organisation's risk appetite, the threats faced, the vulnerabilities in place and the likelihood of exploitation. If you can't quantify those 4 things, you must, even at a basic level. Then do the basics well: patching, JML (joiners, movers, leavers), RBAC, asset management, 3rd party risks, monitoring and alerting, IR/BCP planning (AND testing), and then refine what isn't working. It's by no means a complete list and, as above, what's right for one isn't right for another. But as a quick reference, try to do the following well, and where you need assistance, ask one of our consultants!

– Know your assets
– Know your attack surface, external and internal, 3rd parties and data processors
– Know your organisation’s risk appetite
– Know what / who you’re monitoring and, more importantly, what you’re not
– Know where your key data assets / critical systems reside and who looks after them
– Know whether you can restore from backups at all, and how long it will take
– Know who or what will be the most severely affected, and talk to them about it!
