(844) 982-6824 

Here’s your first step to developing a cybersecurity program

Last updated on

By Rick Ball, VPC Cyber/Continuity of Operations Branch Director

Two programers holding laptop with coding interface walking towards desk and sitting down

The old adage that “you don’t know what you don’t know” certainly applies to Cyber security and can be costly. What are the first steps to developing a Cyber-attack protection program?.

Every business, regardless of size, should conduct a Cyber risk  assessment. An example of how Cyber risk is measured is as follows: Cyber risk = threat x vulnerability x information value. There are numerous excellent standards-based plans available from the web, or you could hire a consulting firm to do one for you, which is what I advise to avoid any impartiality. A good standards-based assessment can be a time-consuming and complex endeavor.

However, the information gleaned from the assessment will allow you to best prepare your business.

The next step in the process is to develop your Cyber threat policies and procedures. This should be done in conjunction with some of your existing data and physical security policies/procedures, and should also include risk management.

Once the Cyber policies/procedures have been established, then the next step would be to establish a Cyber Security Incident Response Team (CSIRT), whether it be internal or external with a virtual Chief Information Security Officer (vCISO)  or MSSP.

Final aspect you should consider is to obtain a Cyber insurance policy from a reputable firm, preferably from one that specializes in Cyber insurance and has done so for several years. Whatever you do, please do not assume your general liability insurance will cover you, as many have specific limitations and minimal coverage. 

References for Cyber Risk Assessment:

You may also be interested in these items

Greenwood, Johnson County teams participate in new Incident Command Workshop for public and municipal employees
Vantage Point Consulting, at the request of the City of Greenwood Stormwater District, developed a custom, one-of-a-kind incident command workshop designed exclusively for municipal workers.
​​Just what are environmental health and safety specialists looking for anyway? Here are the first 50
EHS and OSHA inspections overlap a lot in what they do, but Environmental Health and Safety can guard against so much more. Here's just the …
Here’s how to evaluate HSEEP consistent courses and exercises this year
These guiding principles make for a better exercise and evaluation program. An HSEEP consistent exercise program follows the same principles. You should look for these …

We've worked with these and dozens of other partners across the U.S.