A Practical Approach to Developing a Cybersecurity Programme

David Fairman

INTRODUCTION

This chapter outlines an approach to developing a cybersecurity programme that has been proven through successful implementation in multiple organisations. The author has studied this approach and consequently applied it, drawing also on their experience gained as a practitioner.

The chapter will discuss some fundamental concepts related to information security, cybersecurity and risk management that should form the basis of any good cybersecurity programme. Specifically, we will define cybersecurity, then discuss critical assets (the “crown jewels”) and the three tenets of security – confidentiality, integrity and availability – before moving on to risk-and-control frameworks and governance. We will then present the basic framework for a cybersecurity programme, exploring several concepts and approaches for implementing the programme in practice and discussing the core domains found in such a programme.

Throughout the chapter, we will recap the key points and steps an organisation should take. Practical implementation can be the biggest challenge when developing such a programme, and the techniques used to implement and
