Every organisation is different and, though there are general patterns which apply over all, and patterns more or less likely to apply to particular industries and sizes of organisation, each should be treated as an individual case when approaching the issue of cyber security. There is no standardised or uniform approach that will protect every organisation. Therefore, developing a security programme designed to the requirements of individual organisations is the most beneficial way to approach cyber security.
A security programme can be established through the cataloguing of assets and creation of risk assessments. By looking at the assets a company has, in terms of data, it can be understood what value they hold, not only for the organisation, its employees and its customers, but also to cyber criminals who may want to access this information and use it maliciously. Recognising assets and the value they may represent allows companies and cyber security professionals to develop risk assessments and calculate which controls need to be put in place.
While every plan for cyber security will differ, there are many common controls that organisations tend to utilise in their approach.