The importance of information security for organisations is growing dramatically due to a number of factors. Internet-connected devices — from infrastructure, to cars and home alarms — are becoming increasingly common. At the same time, we are seeing a major increase in IT-related incidents and antagonistic data security breaches. These breaches are committed by both criminal organisations and state-supported agents, which means society as a whole is affected from a security policy perspective.
4C’s 10 recommendations for enhanced information security should be seen as a first step towards a sustainable, long-term strategy to protect and preserve your most important information assets.
“Given that several private companies are responsible for critically important public services, there is a major need to enhance organisational capability to manage threats and vulnerabilities in the cyber field. 4C assists both the public and private sector in strengthening their cyber resilience, which lies at the heart of our mission to build a safer society.”
Håkan Jidmar, Principal Consultant and IT Security Expert
1. Start from square one
An initial, overarching risk analysis provides valuable information on threats and vulnerabilities.
2. Draw up an information security policy
Describe the path the company management wishes to take and the long-term aim of the organisation’s information security work in an information security policy.
3. Perform a gap analysis
Perform a gap analysis that gives management a basis for decisions, setting out the flaws found and the proposed measures.
4. Get management on board
Without the active participation of management and its understanding of information security work, the work will fail.
5. Analyse the greatest information security risks
Undoubtedly the most important and fundamental activity in information security work is the risk analysis.
4C Strategies offers a comprehensive range of cyber security management and IT continuity services, with regular testing and exercises to build, verify and track your readiness capability. We integrate IT risk, disaster recovery and crisis management, to go beyond mere technological solutions towards an organisation-wide culture of cyber resilience.
6. Identify and classify information assets
In conjunction with the risk analysis, all the organisation’s information assets should be classified based on internal and external requirements for confidentiality, accuracy and accessibility.
7. Review crisis and continuity capability
Identify the most critical parts of the organisation’s operations, find the greatest risks and vulnerabilities, develop crisis and continuity plans and start doing exercises and tests.
8. Create long-term change in the organisation
Long-term and lasting change in information security work demands a cultural change that permeates the entire organisation.
9. Start measuring compliance
Define suitable measurement values, preferably with the help of KPIs, which show the organisation’s progress.
10. Start work on a small scale
Information security can be perceived as diffuse and intangible. To avoid this, it is important to start work on a small scale by adjusting the short-term information security goals to the organisation’s capability.
“With NATO SECRET accreditation and over 20 years of supporting military training worldwide, 4C Strategies is built on a foundation of information security, innovation and integrity. Our commitment to information security extends across our company practices, software development, cloud hosting environment, and consulting services for clients working in the most high-risk, mission-critical sectors of our society.”
Johan Wurtz, Chief Information Officer