Cybercrime prevention strategy and incident management plan
Cybercrime prevention strategy and incident management plan

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Cybercrime prevention strategy and incident management plan

  1. 1


    1. 1.1

      This strategy and plan builds on and supplements our other data management and security policies and procedures, namely our:

      1. 1.1.1

        [[Data protection policy]]

      2. 1.1.2

        [[Data breach plan]]

      3. 1.1.3

        [[Information management and security policy]]

      4. 1.1.4

        [[Bring your own device policy]]

      5. 1.1.5

        [[Password policy]]

      6. 1.1.6

        [[Information Communications Technology (ICT) Plan]]

      7. 1.1.7

        [[Internet and electronic communications policy (including social media)]]

      8. 1.1.8

        [[Remote working and removable media policy]]

      9. 1.1.9

        [[Business continuity plan (BCP)]]

  2. 2

    Purpose and scope

    1. 2.1

      The purpose of this document is to establish systems and controls to protect the [firm OR company] from cybercriminals and associated cybersecurity risks, as well as set out an action plan should the [firm OR company OR fall victim to cybercrime.

    2. 2.2

      This plan is relevant to all staff[ in every office].

  3. 3


    1. 3.1

      [Insert name] is responsible for this strategy and plan.

    2. 3.2

      They are responsible for:

      1. 3.2.1

        conducting and maintaining cybercrime/cyber security risk assessments

      2. 3.2.2

        monitoring compliance with this strategy and related policies and procedures

      3. 3.2.3

        invoking the relevant incident management plan, as appropriate and in conjunction with the business continuity team

  4. 4

    What is