Cyber essentials and IASME Governance
The Cyber Journey and Cycle
Cyber Essentials and IASME Governance is not about certification or
compliance, It is about business enablement. Allowing your teams to
work flexibly and in a secure and resillient way. Cyber Security is
seen as a bind or something that has to be done that comes at a cost.
of course a balanced and security in depth approach is going to cost
both fiancially and in your teams time. So it is important this is done
efficiently and in a balanced way. However, if done appropriately this
cost can be balanced and business efficiency can be gained.
Cyber essentials and IASME Governance
Cyber Essentials and IASME Governance is not about certification or compliance, It is about business enablement. Allowing your teams to work flexibly and in a secure and resillient way. Cyber Security is seen as a bind or something that has to be done that comes at a cost. of course a balanced and security in depth approach is going to cost both fiancially and in your teams time. So it is important this is done efficiently and in a balanced way. However, if done appropriately this cost can be balanced and business efficiency can be gained.
The TRaC Defence approach is to help you start or continue the journey to achieving a balanced approach to cyber security and resillience. The following tips talk through the main elements neeeded to understand what your business needs and how to implement it.
- Know your business and its systems: This is common sence right? The amount of companies that have organically grown there digital systems but have no clear view of what they are, what criticality they truely have to the business and what the effect would be if lost is actually common place. This is not just a technical focus, this should cover people, policies and process as this will help with the 2nd phase, but enable you to understand your business' complete capability .
- Understand the environemment and market thay your business operates in, is it subject to regulatory and legislative pressures and focus, if so what are they e.g. General Data Protection Regulation, Data Protection Act 2018.
- Understand your Risks and how this effects the critical systems as identified in point 1: But be sensible and dont get carried away with what you hear on the news. Are you effected by or potentially suceptable to a known vulnerability? When looking at risks think of the Cause of the potenital breach, The Event that leads up to it and the Consequence of the event occuring
- Risk Management and control. This is difficult and where some research is needed, you now known as a business your critical risks its now important to put these risks into perspective and develop a Security and resilience in depth capability that maintains your business when the inevitable happens... that’s right, 'The Inevitable'. you will suffer an event at some point, either from a virus or breach to your business or something your business is connected to. But let’s not worry about that now. This is where Cyber Essentials, IASME Governance and as you grow larger frameworks such as ISO 27000 series can help you put in place the appropriate controls.
