A 20-step, best-practice guide for effective risk management.
- Identify who is accountable for your security at board/executive level – ensure a clear reporting line to all staff with security responsibilities.
- Monitor and evaluate security management across your organisation.
- Create a soft and hard security culture; lead by example and establish robust procedures for dealing with poor security behaviour.
- Identify which of your assets are critical.
- Look beyond your immediate organisation to suppliers and contractors.
- Identify threats to your most valuable assets.
- Security principles, policies and procedures should be transparent.
- An ethical approach will gain employee support and buy-in from stakeholders.
- Information security:
- Establish an information and cyber security policy that identifies and controls appropriate risks.
- Ensure everyone who handles information is aware of their legal responsibility to protect it.
- Provide training on safe online behaviour.
- Equip staff who work from home or on the move to keep information safe.
- Good personnel security begins at recruitment.
- Review access privileges for all staff when transferring roles or leaving.
- This guide is an accessible and thoughtful approach to boosting business resilience.