The NCSC's framework for building organisational cyber resilience

The National Cyber Security Centre (NCSC) developed the 10 Steps to Cyber Security as a practical framework to help organisations manage their cyber security risk. Here's what each step means in practice.
1. Risk Management
Understand the cyber security risks your organisation faces and put in place appropriate governance and risk management processes.
2. Engagement and Training
Build security awareness across your organisation. People are both your greatest vulnerability and your best defence.
3. Asset Management
Know what hardware and software you have. You cannot protect what you do not know about.
4. Architecture and Configuration
Design your systems with security in mind. Apply secure configuration baselines to all devices.
5. Vulnerability Management
Keep your software patched and up to date. The majority of successful attacks exploit known, patchable vulnerabilities.
6. Identity and Access Management
Control who has access to your systems and data. Use multi-factor authentication wherever possible.
7. Data Security
Understand what data you hold, classify it appropriately, and protect it accordingly.
8. Logging and Monitoring
You need visibility of what is happening on your network to detect and respond to incidents.
9. Incident Management
Have a plan for when things go wrong. Practise it. Know who to call and what to do.
10. Supply Chain Security
Your security is only as strong as your weakest supplier. Understand and manage the risks in your supply chain.
RED5 can help you assess your current posture against these 10 steps and build a roadmap to improve your cyber resilience. Contact us to find out more.

