UK government guidelines, prepared by GCHQ, state that “Defining and communicating your Board’s Information Risk Management Regime is central to your organisation’s overall cyber strategy.”
The checks on your information risk management strategy should include the following:
- Secure configuration
- Network security
- Managing user privileges
- User education and awareness
- Incident management
- Malware prevention
- Monitoring ICT systems and traffic
- Removable media controls
- Home and mobile working
You should have a published Information Risk Management Regime covering all of the above. The ISO 27001 standard provides an excellent basis for implementation.
The threats to your information security are both internal and external. Awareness of the constant system changes and software updates is essential for your protection. Our risk audit will help you to measure your current state of preparedness for the inevitable disruption that could affect your business at any time.