This collection is designed for security professionals and technical staff as a

10 Steps to summary of NCSC advice for medium to large organisations. We recommend you
start by reviewing your approach to risk management, along with the other nine

Cyber Security areas of cyber security below, to ensure that technology, systems and information
in your organisation are protected appropriately against the majority of cyber
attacks and enable your organisation to best deliver its business objectives.

Risk management Identity and access

Take a risk-based approach management
to securing your data and Control who and what can
systems. access your systems and data.

Pro
du
ks Im
ce
ris psl u
’s e Data security
Engagement and training

pmp
n
Collaboratively build security Protect data where it is

io

eon
vulnerable.

at

rtti a
that works for people in your

nis

ng
organisation.

pp
rstand your orga

rirsokp
m
ria
atneam
Asset management Logging and monitoring
Know what data and systems Design your systems to be

geitm
you have and what business able to detect and investigate
need they support. incidents.

ige
ant
e

t
io
d

pnos
Un

lic
Architecture and

ie
Incident management

s
configuration Plan your response to cyber
Design, build, maintain incidents in advance.
and manage systems Pr
ep
securely. are n ts
for cy b er in cid e

Vulnerability management Supply chain security

Keep your systems protected Collaborate with your
throughout their lifecycle. suppliers and partners.

© Crown Copyright 2021 www.ncsc.gov.uk @NCSC Natinal Cyber Security Centre @cyberhq