Creating and Deploying a Cyber Security Plan – NCSAM

Engaging a computer security professional to complete a network security assessment can be the start to developing a cyber-security plan that will help you reduce and eliminate the threats and vulnerabilities that could impact your business.

The important areas to consider are:

  • Prevention – the best defense is to keep the bad guys off your network in the first place.  Typical defenses include a hardware firewall, UTM (Unified Threat Management), or Intrusion Detection device, coupled with a solid Internet Security software product installed on all your computers.
  • Resolution – your company should have a procedure in place that outlines what to do in the event of a breach or active attack.  This would include a call list, and instructions on how to preserve affected systems for forensic analysis.
  • Restitution – your company needs to have a procedure in place that defines what kinds of notice and remedies will be offered to employees or clients who may be impacted by a security breach that releases personally identifying information, or banking or credit card information.  You should also be thinking about what happens if your company suffers a loss of proprietary information or financial resources.

There are some great resources at FCC.gov, but because of the “Government Shutdown” the web site has been pulled down for now.  If the FCC site ever comes back, here’s the link for their Small Biz Cyber Planner.  Other helpful links can be found at StaySafeOnline.org.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
