The “Cyber Security Guide”: a master plan for maximum Cyber Security

So, you have a single clear aim: to ensure the best possible security for your organisation. It sounds easy, doesn’t it? The reality, however, is much more complex. Nowadays, cyber-crime is unfortunately an everyday occurrence. The degree to which Swiss companies have found themselves under attack has risen significantly and is likely to increase still further over the coming year. No organisation can consider itself safe – including your own. However, to ensure you enjoy the best possible level of defence, and to bring your cyber security measures in line with the latest standards, InfoGuard has drafted this “Cyber Security Guide” for managers like you. In this article, you’ll discover the steps you need to take in order to implement successful cyber security management – and the particular steps you should ideally start with right now...

We have set ourselves the goal of providing all those responsible for cyber security with the best possible support for their daily activities. In fact, we’ve gone so far as to make your life simple enough that you can get back to concentrating on only the most essential matters. You can do this with the help of our handy guide, which outlines a master plan for maximum cyber security. It consists of a nine-point plan that we developed and will present in a three-part blog series over the coming weeks. Let’s get down to business, starting with the first three points:

1. Bringing senior managers on board

There’s probably no organisation in the world that doesn’t digitally depict its business processes in one form or other. Why? Because of the need to document the processes and background issues involved. It’s essential that you are familiar with and understand your business’s legal situation and the associated security standards and IT compliance requirements. Only by gaining such an awareness of these requirements can you reduce – or even avoid – the likely risks. Even so, it’s worth remembering one thing: that there’s no such thing as absolute security, or in other words, absolute protection from cyber-attacks.

What’s more, a variety of additional laws, standards and principles will apply alongside any industry-specific guidelines, such as those for financial institutions and healthcare providers, not to mention current security standards including ISO 27001, the NIST Cyber Security Framework and the BSI “IT-Baseline Protection” methodology. Specific regulations to be considered include the following:

  • The Swiss Data Protection Act
  • Regulations for specific sectors, such as FINMA, PCI DSS, HIPAA, and so forth
  • IT Security Act
  • The EU’s Directive on Security of Network and Information Systems, which includes a reporting obligation for operators of critical infrastructures and large online service providers

2. Bringing senior managers on board

In the second stage of the process, it’s important that you secure comprehensive and appropriate support for your plan. In other words, as the person responsible for security, you need to get senior management – right up to director or chief officer level – on board and involved with the issue of cyber security. This is the basis for efficient cyber security management. It’s therefore vital that you convince senior executives of the importance and value of cyber security. Our experience shows that inadequate understanding of the importance of the topic and insufficient support from the management team can be – and often is – one of the main reasons for a failure in cyber security policies.

You should therefore ask yourself the following questions. Do you have the support of your directors and managers? Are your senior managers fully aware and – importantly – also involved in the cyber security process? If not, then you know what to do. If the answer is yes, then let’s move straight to the next point.

3. Gaining awareness of your particular risks

How sure are you that you’re secure? After all, risks can be present anywhere – yes, absolutely anywhere. The plus side of this is that most organisations are aware of this fact and will have developed a risk management policy. This represents an essential component of your information security management system or ISMS. The aim here is to help you enhance your levels of security, thereby reducing risks and fulfilling compliance requirements. Here are some of the aspects to cover:

  • Logging and evaluation of all assets within the field of application
  • IT risk management focused on specific defensive goals
  • Assessment built around the threats, the weaknesses and the adequacy of the measures adopted
  • ... and more besides.

Your internal control system (ICS) represents another important management tool within your organisation. Indeed, it’s worth remembering the following maxim: that while trust is good, control is even better. An effective ICS involves recognising all potential risks associated with your operational business processes and defining the associated control mechanisms. The goal will always be to reduce the greatest risks to an absolute minimum. To find out about the best ways of doing this, consult our “Cyber Security Guide”.

The guide will inform you of the ways in which such a tool can make your work easier, which laws you need to be aware of, and the reasons why it’s important to get senior management on board (and how you can do this). In the next two blog articles, we’ll also introduce the remaining six steps of our nine-point master plan. A good motto to remember, then, is to “Stay alert – for security’s sake!”

Available here – your free-of-charge Cyber Security Guide

Interested to find out more? Then download our guide right away and start developing or implementing your cyber security strategy. Here is the link for downloading our “Cyber Security Guide”:

 

Cyber Security Guide

About the author / Reinhold Zurfluh

InfoGuard AG - Reinhold Zurfluh, Head of Marketing, Member of Management
