- Building an adaptive Information security Management system with full executive ownership
- Incident handling policies and procedures
- Business continuity, disaster recovery & crisis management planning including back-up solutions.
- Supply chain security and third-party risk management policies and procedures.
- Policies and procedures to ensure security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure.
- Implement continuous monitoring of risk management control measures.
- Basic cybersecurity hygiene practices and Awareness training for employees.
- Appropriate use of cryptography and encryption.
- Human resources security including due diligence in hiring-onboarding and off-boarding, digital assets management, and identity and access management controls.
- Multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
