Create a cyber risk management plan

 A solid cyber risk management plan will help ensure you are prepared for not only how to prevent an attack but what to do during and after an attack occurs.

Identify the Risk

The first step in your plan is to identify where the risk is. What is it you need to protect?

 Data may be the first thing that comes to mind, including customer records and personal information. Other assets may include intellectual property, funds (money) and system availability.  What would it cost you if your customers were unable to access your website for a day, a week or a month?

Identify Threats

What do you need to protect against?

Threats come in the form of social engineering and cyber fraud, phishing, malware, denial of service attacks and systems compromise.

For a deeper discussion of cyber threats check out this article.

Look at your business and the assets you want to protect and them assess what particular threats are associated with them.

Prioritise the risks

Compare the risks against each other and assess which risks are the most damaging and most likely to occur. This will help you identify what is the greatest threat to your business and help you to prioritise actions to be taken.

Plan to prevent attacks

Your plan should include how you will respond to the risks that have been identified including:

• Awareness and Training

• Practices for protecting and managing information and assets

• Actions the business will take to protect from the risks identified

Plan to Respond to an Attack

Think about what you would do during and after an attack occurs. This could establish how you will get your operations and networks back up and running and plan on how you will deal with any media fallout.

How detailed your Incident Response Plan is will depend on the size of your organisation and your networks.

Resources

The Australian Cyber Security Centre (ASCS) has information and guidance on preparing Incident Response Plans.