Cyber risk management is important for organizations of all kinds and sizes. Small and medium size enterprises are increasingly being targeted by cyber criminals. In November 2016, the U.S. National Institute of Standards and Technology (“NIST”) issued a cyber risk management report.
Basic risk mitigation practices, procedures and activities
NIST issued the interagency report titled Small Business Information Security: The Fundamentals to provide cyber risk management guidance for small businesses. The Report and similar guidance issued by Canadian and U.S. agencies provide useful advice for organizations of all sizes. Some basic risk mitigation practices, procedures and activities can be organized into five categories — identify, protect, detect, respond and recover. Borden Ladner Gervais LLP gives a summary of some of the recommendations here.
Read more at Lexology.