Best-practice cyber security governance

Recommended cyber security policies and governance approaches include the following:

• Your organisational risk management processes include a cyber security component
• Cyber security incident response processes are well established
• You have implemented an end-user security policy – if you don’t have one, you can download our template and modify it to your organisation’s needs
• You’ve taken out cyber security insurance, if it is appropriate to your organisation’s needs.

Cyber security & the cloud

If you use cloud-based applications (often called SAAS or Software as a Service), such as a service delivery or finance system, you should confirm these are being kept properly secure. Contact your application provider and ask them:

• Do they have a backup plan, will you be able to access your data if their site goes down, and can they recover your data if it’s lost?
• What are your responsibilities for keeping data secure?
• Do they regularly update their software and servers to protect from emerging threats?
• Are there additional tools or add-ons you should use to enhance your data security?
• How do they dispose of data if you stop using their service?