Just like medical hygiene, ‘cyber hygiene’ consists of taking precautions in advance to eliminate or reduce information risk rather than merely reacting to fix problems as they arise. This requires accurate, current knowledge of your assets, their vulnerabilities and the threats to which they are exposed; precautions applied to an inventory you do not actually have are hygiene in name only.

Most importantly, though, it relies on consistent expectations and goals in relation to risk at all levels of the organisation, so that everyone, whatever part they have to play, is ‘singing from the same song sheet’.

Keys to achieving this include:

a clearly understood common purpose from Boardroom to basement
accurate knowledge of your business environment and goals
realistic appreciation of your corporate risk appetite
business-oriented top down management of risk
universally applied risk standards, criteria and processes
a ‘mission command’ culture of distributed responsibilities and authority
excellent communication - up, down and sideways

These are the fundamentals of a robust information risk governance framework, one that provides both strategic coordination and continuous tactical oversight of the way information risk is managed, from business exposure to technical countermeasures, across the entire organisation. It improves assurance of return on investment (RoI) in security spending, reduces the likelihood and impact of incidents and smooths the path to business growth.