(844) 982-6824 

Here’s your first step to developing a cybersecurity program

Last updated on

By Rick Ball, VPC Cyber/Continuity of Operations Branch Director

Two programers holding laptop with coding interface walking towards desk and sitting down

The old adage that “you don’t know what you don’t know” certainly applies to Cyber security and can be costly. What are the first steps to developing a Cyber-attack protection program?.

Every business, regardless of size, should conduct a Cyber risk  assessment. An example of how Cyber risk is measured is as follows: Cyber risk = threat x vulnerability x information value. There are numerous excellent standards-based plans available from the web, or you could hire a consulting firm to do one for you, which is what I advise to avoid any impartiality. A good standards-based assessment can be a time-consuming and complex endeavor.

However, the information gleaned from the assessment will allow you to best prepare your business.

The next step in the process is to develop your Cyber threat policies and procedures. This should be done in conjunction with some of your existing data and physical security policies/procedures, and should also include risk management.

Once the Cyber policies/procedures have been established, then the next step would be to establish a Cyber Security Incident Response Team (CSIRT), whether it be internal or external with a virtual Chief Information Security Officer (vCISO)  or MSSP.

Final aspect you should consider is to obtain a Cyber insurance policy from a reputable firm, preferably from one that specializes in Cyber insurance and has done so for several years. Whatever you do, please do not assume your general liability insurance will cover you, as many have specific limitations and minimal coverage. 

References for Cyber Risk Assessment:

You may also be interested in these items

How Immaculate Heart of Mary administrators saved time and benefited from outside safety audits
See how Immaculate Heart of Mary School in Indianapolis turned to VPC for documentation, but received far more with hands-on de-escalation training.
The invention of the active shooter
Active threat situations aren't new, but the words we use, the training we employ, and the reaction we have are.
CHEP test prep guide and practice exam for healthcare emergency management
Prepare to take the CHEP with this guide and practice exam. A CHEP prep course is also available.

We've worked with these and dozens of other partners across the U.S.