Supporting cyber practices are a subset of the information security management processes that can be implemented as supporting processes prior to the implementation of the management system.
There are different reasons for this. An organisation may want to assure the service quality required by a procurer, or may simply wish to perform an extensive implementation in separate phases.
In that sense, the supporting practices relate to processes that can be implemented separately from the management system and be fully applicable, but can also be upgraded to a higher level or a more complex system.
The most common supporting practices are: Asset Management, Access Management, Data Classification and/or Incident Management.
To explain more clearly, each of them includes a wide range of activities, which can be a very complex task in terms of managing information security. For example, a typical supporting practice, Asset Management, includes:
♦ Inventory of assets, ownership, acceptable use of assets, return of assets, labelling, handling of assets;
♦ Management of removable media, disposal of media, physical media transfer;
♦ ICT network documentation, equipment siting and protection, supporting utilities, cabling security, equipment maintenance;
♦ Removal of assets, security of equipment and assets off-premises, secure disposal or reuse of equipment, unattended user equipment;
♦ Clear desk and clear screen policy.