• mitigating the risk| Roy Gillespie
  • the latest trends in cybercrime| Ultrich Kruger
  • developments in the law, in particular the Cybercrimes Act | Suad Jacobs
  • data breach implications and how to mitigate your risks as a company | Nicole Gabryk

Cyber security | risk mitigation

  • Organisations are increasingly looking to protect themselves
  • Various cyber security standards ISO Global Standards (27001, 27005, 27032), NERC, NIST, ANSI/ISA, IEC62443 etc. which provide information security risk management and cybersecurity guidelines
  • Earlier this year the SEC issued a report on Cybersecurity and Resiliency Practices applicable to public companies across a range of industries at a time when cybersecurity threats continue to touch every region of the world and virtually every sector of the economy.
  • Governance and risk management —establishing board and senior leadership oversight of cybersecurity and resiliency programs, conducting risk assessments, creating written policies and procedures that address cybersecurity issues, testing and monitoring of relevant policies, updating policies and procedures to address any gaps or weaknesses and developing methods of communicating internally and externally regarding cybersecurity issues.
  • Access rights and controls—understanding, managing and monitoring user access to data and systems.
  • Data loss prevention —developing a vulnerability management program to conduct routine scans, implementing security measures to intercept threats and block access to personal email or other insecure platforms, implementing security measures to detect threats at endpoints, using a patch management program, keeping an inventory of hardware and software assets, using encryption and network segmentation, monitoring insider threats and securing legacy systems and equipment.
  • Mobile security —creating policies and procedures relating to the use of mobile devices, managing use of mobile devices, mandating the use of multi-factor authentication and training employees on relevant policies and procedures.
  • Incident response —establishing a risk-assessed incident response protocol, complying with applicable reporting requirements, designating responsibilities for specific employees in the event of a cyber-related incident and testing the incident response protocol.
  • Resiliency—keeping inventory of core business systems and processes, creating an operational resiliency strategy that assesses risk tolerance and contemplating other safeguards such as storing back-up data offline or on another network.
  • Vendor management —establishing a vendor management program to ensure that security measures and other safeguards are followed, understanding the specific terms of any agreements with vendors and monitoring and testing the vendor relationship for potential issues.
  • Training and awareness —training employees on cybersecurity policies and procedures, providing employees with specific examples and exercises during training and monitoring the effectiveness of training.

Click here to continue reading ...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.