The goal of your business Information Cybersecurity Plan or Program is to protect the Confidentiality, Integrity, and Availability of the data and people employed within the organization while providing value to the way we conduct business. Protection of confidentiality, integrity, and availability are basic principles of information security.

The plan needs to consist of statements of purpose, specific policies, notification procedures, educational components, and enforcement mechanisms. It contains the responsibilities of executive management the Information Security Officer, all other employees, contractors, and other third-party personnel. A plan without associated training is almost useless.

Flagstaff Tech Net will work with you to define training requirements, those that should be responsible for decisive action, and the various roles they should occupy in the plan when a security incident occurs. Examples of Security Incidents are:

• Unplanned downtime
• Denial of Service attack
• Malware/Ransomware attack
• Phishing/Spear Phishing attack
• Loss/Theft of documents or data
• Loss/Theft of equipment containing sensitive data
• Attempts from unauthorized sources to access systems or data

Please contact Flagstaff Tech Net at 928-224-0468 to discuss developing and testing your cybersecurity plan and policies.

Also, see our policy development page for insight on other recommended policy development.