Cyber Security Basics for Your Business (10 steps anyone?)

The UK National Cyber Security Centre (NCSC) have published the 10 steps to Cyber Security (originally published by CESG) in 2012. The 10 steps are basic security controls that that organisations can use to build a security program as minimum baseline.

The ten steps are build arounf the risk management regime and as follows.

  • Network Security
  • User education and Awareness
  • Malware prevention
  • Removable media controls
  • secure configuration
  • managing user priviledges
  • incident management
  • monitoring
  • home and mobile working

While these may seem very basic and every organisation should already have in place, you will be suprised how many organisations they dont have these controls in place, including small and large organisations.

From experience point of view, most organisation they dont have mature security programs and they want to make a big jump, without starting with the basics! The proper way is to start small and build up the security program, and it should be top down approach, which the 10 steps to cybersecurity start with Risk Management Regime which should be driven by the senior management.

To explore more, visit

Author: kinyoka

A certified Information Security professional, with demonstrated experience spanned more than 10 years in financial, banking, consulting, and payment card industries in managing Information Security System Management ISMS. A post graduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA. Demonstrated to be reliable, trustworthy, and meticulous person; working in a controls-focused environment, multinational, and multicultural organisation over the years and gained a good understanding of what is required of the Information Security professional. . Specialties: ISMS based on ISO/IEC 27001/2 Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC) IT Governance, Risk and Compliance (GRC) Management Cyber Security Penetration Testing Enterprise Security Architecture Technical Security Architecture

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: