As we continue to build our knowledge on the 5 Es of cybersecurity, we'll move on to the next step of enforcing your procedures.
Now, what does it mean to enforce your procedures? While you've developed procedures that, as we previously stated are well-defined, repeatable, and testable.
And that's important because those procedures identify where your risks are and your controls. And so, by enforcing your procedures, you're mitigating your overall risk.
Now, if there's a need to deviate from your procedures, there's a few things that you'll want to consider. You should never deviate unless there's a valid reason to do so.
And by deviating, you want to make sure that there's a secondary review of the nature of the deviation and the reason for the deviation. And most importantly you'll want to document the deviation to understand why it happened. And if it does happen on a frequent basis, you should consider rewriting your procedures to better identify what your business processes are and understanding that again, the cyber security threat landscape is always changing.
So, understand where those deviations are and document them at all times.
We hope you'll continue to join us as we walk through each of these in greater detail.
Do you have any specific questions related to cybersecurity? Please contact your PNC representative and they will schedule time with our security team. Thank you.