How do I prepare my business?
Whilst it is difficult to predict when the organisation is going to be attacked, the business needs to assume that it is always under attack. By preparing, the business is quicker to respond to a successful attack and will have a recovery plan in place so that there is minimal impact to the business.
The elements of the Prepare Stage
All key business assets need to be identified and classified to understand what impact an incident would have on your ability to maintain your business processes and services.
It is essential to have full visibility of your digital and physical assets and their interconnections, and for the board, departmental and business leaders to understand their current business critical assets and risk exposure.
A complete inventory will include key intangible assets, physical networks, and hardware plus assets outside an organisation on which the business relies, such as third-party supply contracts.
To assess an asset’s risk, it is important to measure:
- The overall threat to the asset (both inside and outside the organisation);
- Its intrinsic and environmental vulnerabilities;
- The cost of damage, interruption, and recovery should it be compromised.
Once the risks are identified, they should be compared relative to each other, to identify those which need prioritisation and warrant the most attention.
It is important to continually monitor and review the risk environment; to detect any changes in the context of the organisation, and to maintain an overview of the complete risk management process.
Know the security priorities for your organisation
Understand how you can improve your organisation's cyber readiness.