Understand what you need to protect
Identify the information systems your organization manages. Assess security risks (threats and vulnerabilities) and the business impact of any security breaches.
Design your information security
Consider information security early in planning, selection, and design. Design security measures that align with your organization's risk appetite and its privacy, legal, and regulatory obligations. This will help mitigate the risks your organization is exposed to.
Adopt an appropriate information security management framework that is suitable for your risks.
Validate your security measures
Confirm your information security measures have been correctly implemented and are suitable for the intended purpose. Complete the certification and accreditation process to ensure your systems have been approved for operation.
Keep your security up to date
Ensure your information security remains effective by:
• Monitoring for security events and responding accordingly
• Staying abreast of emerging threats and vulnerabilities
• Maintaining appropriate access control to your information.