Step 4 – Rollout of policies, procedures, awareness for users
Description
We looked at risk identification and prioritisation in our earlier episode.
We will now look at Implementation and Rollout of the mitigation actions we described.
Our implementation comprises three major components:
- Governance and changes to the policies based on what we need to mitigate
- Process and Procedure implementation
- Technical areas implementation
The governance here comprises identifying the changes required and updating the policies. We did prepare some policies earlier, which we now revisit. Why these changes? Because we are now more aware of our risks and the threats to our environment. A simple example is related to password policy. E.g. we had an earlier policy which said that passwords cannot be re-used for 2 times, that is, a password cannot be used again for at least 2 turns of password change. However, we have now identified that this is not enough for some applications which are internet facing. The risk is higher here because our passwords become predictable and can be guessed more easily. Hence, we may change the policy to say no re-use for at least 5 times. The policy now needs to go through a change management procedure which records the why and what of the change. We may also decide to have different password policies for different types of applications, and this also needs to be recorded and approved. We then move on to writing procedures, which is what we will explore in this episode.
The flow described in this season can be used in any of the situations below:
- you work standalone
- you work with a consultant/expert
- you run the show via the Arrka Privacy Management Platform (for both Security and Privacy).
For details, reach out to us at sameer.anja@arrka.com or sales@arrka.com, or on Twitter: sameeranja, arrka2. Give a reference of this cast to avail credits on platform usage and subscription. The Arrka Platform is made by SMB and for the SMB.



