The International Chamber of Commerce (ICC) has published its 'Cyber security guide for business', presenting a number of principles, strategies and actions that can help companies put a cyber security framework into practice.

The guide is designed to facilitate communication between company management and IT specialists, in order to help all types of companies address their cyber security challenges, while also engaging suppliers to tackle these issues.

The guide presents the following five key principles:

1. focus on the information, not on the technology;
2. make resilience a mind-set;
3. prepare to respond;
4. demonstrate a leadership commitment; and
5. act on your vision.

But the guide warns that “Just reading this guide is not enough – you must translate your unique company vision for cyber security risk management into practice by creating (or revising) various information security policies.”

Six essential security actions

The five principles are therefore followed by six essential security actions:

1. Back up business information; validate restore process
2. Update information technology systems
3. Invest in training
4. Monitor your information environment
5. Layer defences to reduce risk
6. Prepare for when the breach occurs

The guide also includes a 16-question security self-assessment, which helps companies to identify gaps or vulnerabilities in their cyber security processes, so they know where they need to take action next.

The ICC will distribute the guide to its more than six million members in more than 130 countries.