Protecting your data and systems like a submarine
Cybersecurity internal controls are integral to continued operations and protection of Commonwealth data and systems. When designing controls, identify the critical systems, operations, and data that must be segregated and the systems that must be protected. Think of your organization like a “submarine” with a series of “water tight” hatches that are locked to protect your data and systems.
These hatches are “internal controls” that must be installed, tested and your staff trained. Adding multi-factor authentication, strong passwords, segmenting confidential data and networks, restricting and monitoring access are just some example of internal controls that will significantly improve security. In the event there is unauthorized access, these controls can limit further spread of a breach, theft of data, and disruption of systems.
See our CTR Cyber – Cybersecurity Responsibilities page for more information on cybersecurity internal controls and sample templates. Visit CTR Cyber for additional resources, Tips and Alerts, and free Cyber Awareness Training resources for employees.