Anti-phishing tools

Anti-malware tools

Effective Security Vulnerability Management Program

Effective Security awareness program

integrate with other organizational governance processes

support user choice for Bring Your Own Device (BYOD)

integrate with other organizational governance processes

show a return on investment for the organization

Risk Avoidance

Risk Acceptance

Risk Transfer

Risk Mitigation

Test every three years to ensure that things work as planned

Conduct periodic tabletop exercises to refine the BC plan

Outsource the creation and execution of the BC plan to a third party vendor

Conduct a Disaster Recovery (DR) exercise every year to test the plan

Budgeting for unforeseen data compromises

Streamlining for efficiency

Alignment with the business

Establishing your authority as the Security Executive

security threat and vulnerability management process

risk assessment process

risk management process

governance, risk, and compliance tools

Information Technology Infrastructure Library (ITIL)

International Organization for Standardization (ISO) standards

Payment Card Industry Data Security Standards (PCI-DSS)

National Institute for Standards and Technology (NIST) standard

Control Objectives for IT (COBIT)

Payment Card Industry-Data Security Standard (PCI-DSS)

International Organization Standard (ISO) 27002

National Institute of Standards and Technology (NIST) SP 800-30

Security officer

Data owner

Vulnerability engineer

System administrator

How vulnerabilities can potentially be exploited in systems that impact the organization

How the security operations team will behave to reported incidents

How the firewall and other security devices are configured to prevent attacks

How the incident management team prepares to handle an attack