...
Understand the legislative framework in which the business exists (e.g. does the Mandatory Data Breach legislation apply to you, or are you a financial organisation that needs to follow APRA regulations?).
Understand the risk appetite of your business (this will probably evolve over the course of doing the assurance process).
Conduct a risk assessment (either formally or just as you are going through the assurance process).
Understand or create a cybersecurity strategy (it could be as simple as “we need to be better at cybersecurity” or a full document that states goals, objectives, steps, and priorities).
Understand the controls required. You may need some help with this; for example, what exactly is Application Control?
Implement the controls as outlined in the Assurance level you want to achieve.
Document the controls put in place.
Monitor, measure, and audit the controls regularly.
Rinse and Repeat.
...