The UK National Cyber Security Centre (NCSC) published the 10 Steps to Cyber Security (originally published by CESG) in 2012. The 10 steps are basic security controls that organisations can use to build a security program as a minimum baseline.
The ten steps are built around the risk management regime and are as follows.
- Network security
- User education and awareness
- Malware prevention
- Removable media controls
- Secure configuration
- Managing user privileges
- Incident management
- Home and mobile working
While these may seem very basic, and something every organisation should already have in place, you will be surprised how many organisations, small and large, don't have these controls in place.
From experience, most organisations don't have mature security programs and want to make a big jump without starting with the basics! The proper way is to start small and build up the security program, and it should be a top-down approach: the 10 Steps to Cyber Security start with the Risk Management Regime, which should be driven by senior management.
To explore more, visit https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security