Cybercrime prevention strategy and incident management plan

Published by a ÀÏ˾»úÎçÒ¹¸£Àû Practice Compliance expert
Precedents

Cybercrime prevention strategy and incident management plan

Published by a ÀÏ˾»úÎçÒ¹¸£Àû Practice Compliance expert

Precedents
imgtext
    1. 1

      Introduction

      1. 1.1

        This strategy and plan builds on and supplements our other data management and security policies and procedures, namely our:

        1. 1.1.1

          [[Data protection policy;]]

        1. 1.1.2

          [[Data breach plan;]]

        1. 1.1.3

          [[Information management and security policy;]]

        1. 1.1.4

          [[Bring your own device policy;]]

        1. 1.1.5

          [[Password policy;]]

        1. 1.1.6

          [[Information Communications Technology (ICT) Plan;]]

        1. 1.1.7

          [[Internet and electronic communications policy (including social media);]]

        1. 1.1.8

          [[Remote working and removable media policy;]]

        1. 1.1.9

          [[Business continuity plan (BCP).]]

    1. 2

      Purpose and scope

      1. 2.1

        The purpose of this document is to establish systems and controls to protect the [firm OR company] from cybercriminals and associated cybersecurity risks, as well as set out an action plan should the [firm OR company] fall victim to cybercrime.

      1. 2.2

        This plan is relevant to all staff[ in every office].

    1. 3

      Responsibility

      1. 3.1

        [Insert name] is responsible for this strategy and plan.

      1. 3.2

        They are responsible for:

        1. 3.2.1

          conducting and maintaining cybercrime/cybersecurity risk assessments;

        1. 3.2.2

          monitoring compliance with this strategy and related policies and procedures;

        1. 3.2.3

          invoking the relevant incident management

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
incident definition
What does incident mean?

any event having an actual adverse effect on the security of network and information systems. Although the NIS Regulations are primarily aimed at improving cybersecurity, the definition of incident is wide enough to include non-cyber incidents, such as interruptions to power supplies or natural disasters such as flooding

Popular documents