Understand what you need to protect

Identify the information systems your organization manages. Assess security risks (threats and vulnerabilities) and the business impact of any security breaches..

Design your information security

When planning, selecting, and designing, consider information security early on. Design security measures that align with your organization's risk appetite, privacy, legal, and regulatory obligations. This will help mitigate the risks your organization is exposed to.

Adopt an appropriate information security management framework that is suitable for your risks.

Validate your security measures

Confirm your information security measures have been correctly implemented and are suitable for the intended purpose. Complete the certification and accreditation process to ensure your systems have been approved for operation.

Keep your security up to date

Ensure your information security remains effective by: • Monitoring for security events and responding accordingly • Staying abreast of emerging threats and vulnerabilities • Maintaining appropriate access control to your information.