Information Risk Management Regime


1. Network Security

1.1. Protect your networks against external and internal attack. Manage the network. Filter out unauthorized access and malicious content. Monitor and test security controls.

2. Incident Management

2.1. Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement.

3. Malware Prevention

3.1. Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organization.

4. Managing User Privileges

4.1. Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.

5. Monitoring

5.1. Establish a monitoring strategy and develop supporting policies. Continually monitor all ICT systems and networks. Analyse security logs for unusual activity that could indicate an attack.

6. Removable Media Controls

6.1. Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing into the corporate system.

7. Secure Configuration

7.1. Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define the baseline build for all ICT devices.

8. User Education and Awareness

8.1. Produce user security policies covering acceptable and secure use of the organization's systems. Establish a staff training programme. Maintain user awareness of cyber risks.

9. Home and Mobile Working

9.1. Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build for all devices. Protect data both in transit and at rest.