02 Communication System
Understand what you need to protect
Section titled “Understand what you need to protect”Identify the information systems your organization manages. Assess security risks (threats and vulnerabilities) and the business impact of any security breaches..
Design your information security
Section titled “Design your information security”When planning, selecting, and designing, consider information security early on. Design security measures that align with your organization’s risk appetite, privacy, legal, and regulatory obligations. This will help mitigate the risks your organization is exposed to.
Adopt an appropriate information security management framework that is suitable for your risks.
Validate your security measures
Section titled “Validate your security measures”Confirm your information security measures have been correctly implemented and are suitable for the intended purpose. Complete the certification and accreditation process to ensure your systems have been approved for operation.
Keep your security up to date
Section titled “Keep your security up to date”Ensure your information security remains effective by: • Monitoring for security events and responding accordingly • Staying abreast of emerging threats and vulnerabilities • Maintaining appropriate access control to your information.