Summary
A 20-step, best-practice guide for effective risk management.

Key Points:

  • Governance:
    • Identify who is accountable for your security at board/executive level – ensure a clear reporting line to all staff with security responsibilities.
    • Monitor and evaluate security management across your organisation.
    • Create a soft and hard security culture; lead by example and establish robust procedures for dealing with poor security behaviour.
  • Assets:
    • Identify which of your assets are critical.
    • Look beyond your immediate organisation to suppliers and contractors.
    • Identify threats to your most valuable assets.
  • Transparency:
    • Security principles, policies and procedures should be transparent.
    • An ethical approach will gain employee support and buy-in from stakeholders.
  • Information security:
    • Establish an information and cyber security policy that identifies and controls appropriate risks.
    • Ensure everyone who handles information is aware of their legal responsibility to protect it.
    • Provide training on safe online behaviour.
    • Equip staff who work from home or on the move to keep information safe.
  • Personnel:
    • Good personnel security begins at recruitment.
    • Review access privileges for all staff when they transfer roles or leave.
  • This guide is an accessible and thoughtful approach to boost business resilience.