Thomas Levy

Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education & Awareness 7.Incident Management 8.Malware Prevention 9.Monitoring 10.Removable Media 11.Mobile Working 12.Summary

Aims: Reducing Cyber Risk Identify Monitor Maintain

Information Risk Management Adopt a framework Determine baseline level of risk for organisation Regularly discuss risk at board meetings Treat risk as a lifecycle

Secure Configuration Implement hardware / software asset register Baseline security builds for all network components Daily updates / patches Regularly scan for vulnerabilities

Network Security Protect Monitor Test

Managing User Access Limit admin accounts Monitor & audit users Establish account management process

Education & Awareness User security policy Staff security induction Refresher training on security threats Formal assessment of staff knowledge

Incident Management Incident response Disaster recovery Senior manager approval

Malware Prevention Anti virus throughout organisation Regular malware scans Regularly update anti virus

Monitoring Systems Network traffic

Removable Media Policies Scanning Encryption Corporate v Personal

Mobile Working Policy Awareness Security Baselines

Information Assurance Cuboid

Summary Choose a security framework Create policies Monitor