say something’ habit and the development of practical work-arounds in case IT systems are shut down due to a cyber incident.
4. Top management are trained in their governance role, as well as their decision-making role in the event of an emerging/evolving information security incident. By means of workshops using mini scenarios, they share views on their organisation’s information security risk appetite and related risk evaluation criteria. These can then be utilised by Security staff to select feasible and reasonable treatment options.
5. Information security management documentation is simple to maintain (e.g. by using colour coding and bullet-style checklists and Quick Reference Cards) and based on a top-down holistic approach (e.g. by working with a small number of impact-based scenarios). It resides on an interactive, common platform such as the organisation’s SharePoint/LAN/Intranet site (i.e. one that the broader workforce already uses in their daily life) and has a remotely accessible copy in case IT systems are down.
6. Cyber incident rehearsals/simulations are fun and strongly encourage participants to make mistakes. They aim to identify gaps instead of covering them up (only for them to come to the surface during a real-life cyber incident). Exercises include audio-visual tools and a range of practical challenges/injects (including realistic testing of decision-making processes and staff notification systems if IT services are not to be used) in order to ensure management and staff develop a true readiness for cyber incidents.
The goal is for everyone to be able to sleep soundly at night knowing not only that good plans are in place, but also that they are up to date and that everyone knows what to do should an information security incident occur.
Ms Rinske Geerlings is an internationally known, award-winning consultant, speaker and certified trainer in Information Security, Risk Management, Disaster Recovery and Business Continuity with over 20 years' global experience. She implements, audits and trains staff in ISO 27001, ISO
She was awarded Risk Consultant of the Year 2017 (RMIA – Australasia) and Outstanding Security Consultant of the Year Finalist 2019 (OSPAs Australia).
To build plans that work when you need them most, contact Rinske via www.businessasusual.com.au.