A comprehensive breakdown of the Cybersecurity Best Practices

with granular detail and examples for each of the 10 core areas:

1. Governance, Leadership & Policy

Goal: Set direction, ownership, and oversight for cybersecurity.

Best Practices with Examples:

• Cyber Governance Committee: Create a multi-departmental group (IT, OT, Legal, Operations) that meets quarterly to review cyber incidents and KPIs (e.g., patch compliance).
• Cybersecurity Officer Role: Assign a designated person (e.g., CISO or Cyber Officer) with clear responsibilities for both shipboard and onshore cyber protection.
• Cybersecurity Policy: Develop policies aligned with international frameworks (e.g., ISO 27001). Include password rules, access control, and removable media usage.
• Integration with SMS: Make sure cybersecurity is part of the Safety Management System and ISPS Code. For example, define what constitutes a cyber "security level" escalation.
• Executive Reporting: Brief senior leadership annually with dashboards showing incident trends, audit findings, and training completion rates.
• Clear Accountability: Map responsibilities for example, the Master reports OT cyber incidents to the Designated Person Ashore (DPA).

2. Asset Management

Goal: Know what assets exist and how they connect to ensure proper control and protection.

Best Practices with Examples:

• Automated Inventory: Use tools like Lansweeper, Rapid7, or even Nmap to maintain real-time lists of all IT and OT devices (e.g., navigation systems, ship servers, printers).
• Asset Classification: Categorize ECDIS and propulsion control as "critical" assets; onboard entertainment systems as "non-critical."
• Network Mapping: Create and maintain up-to-date diagrams showing how systems are segmented (e.g., bridge systems separated from crew Wi-Fi).
• Firmware Tracking: Record firmware versions of shipboard systems (e.g., radar) and subscribe to vendor alerts.
• Labelling and Logging: Clearly mark devices and log USB usage. Example: engineer inserts USB for diagnostics → logs model, date, and files accessed.

3. Risk Assessment

Goal: Identify, assess, and prioritize cyber threats and vulnerabilities.

Best Practices with Examples:

• Annual or Event-Driven Assessments: Use NIST SP 800-30 or ISO 31000 to assess cyber risks annually or when systems are upgraded.
• Threat Scenarios: Include real-world scenarios such as ransomware on a ship's file server or spoofing of GPS during port entry.
• Risk Scoring: Score each risk using Likelihood x Impact. E.g., outdated antivirus on a navigation terminal = High Risk.
• Supply Chain Inclusion: Evaluate risks from third-party vendors who connect remotely to OT systems.
• Risk Register: Maintain a living document where risks are documented, ranked, and tracked for mitigation (e.g., Bridge Wi-Fi unsegmented - Mitigation: VLAN implementation Q3 2025).

4. Protective Controls

Goal: Prevent unauthorized access or misuse of systems.

Best Practices with Examples:

• Role-Based Access Control: Crew can't access system configurations. Bridge Officers can. Engineers manage engine control terminals.
• Multi-Factor Authentication: Require MFA (e.g., password + token) for VPN access to fleet management portals.
• Encryption: Use TLS 1.2+ for ship-to-shore communications. Encrypt removable media using BitLocker or VeraCrypt.
• Patch Management: Apply critical patches within 7 days. Example: a known ECDIS vulnerability must be patched before the next voyage.
• Least Privilege: Engineers don't get admin access to payroll systems; HR doesn't get access to propulsion logs.

5. Detection

Goal: Identify threats quickly before damage occurs.

Best Practices with Examples:

• Endpoint Detection and Response (EDR): Install tools like SentinelOne, CrowdStrike on all onboard Windows/Linux endpoints.
• Security Information & Event Management (SIEM): Use SIEM (e.g., Wazuh, Splunk) to centralize logs and detect anomalies.
• Behaviour Monitoring: Detect lateral movement e.g., if a non-engineering laptop scans PLC ports, trigger alerts.
• Log Retention: Store logs for 6-12 months securely, using WORM storage or read-only backups.
• Anomaly Alerts: Monitor for failed login attempts or unusual port activity (e.g., port scanning on bridge systems).

6. Response

Goal: Contain and recover quickly from cyber incidents.

Best Practices with Examples:

• Cyber Incident Response Plan (CIRP): Include details like communication trees, reporting thresholds, and actions per system.
• Redundant Comms: If email is compromised, use satellite voice or secure app (e.g., Signal) to notify DPA.
• Tabletop Exercises: Run cyber drill scenarios twice a year (e.g., ransomware locks engine logs before port call).
• Escalation Flow: Crew → Master → DPA → Maritime Authority (if serious). Document who decides when to disconnect affected systems.
• Post-Incident Review: Conduct root cause analysis and update procedures after every event.

7. Recovery

Goal: Resume operations with minimal impact.

Best Practices with Examples:

• Recovery Time Objectives (RTO): Example: Radar display must be functional within 1 hour of failure.
• Backup Strategy: Maintain encrypted, offline backups of all critical configs (e.g., propulsion system settings, ECDIS maps).
• Test Restore Procedures: Perform quarterly restoration drills. E.g., simulate loss of a navigation workstation and test reload time.
• Redundancy Systems: Ensure backup ECDIS, comms (VHF + satellite), and GMDSS have separate power sources.

8. Awareness & Training

Goal: Empower crew and staff to identify and prevent threats.

Best Practices with Examples:

• Role-Specific Training: Engineers learn about PLC malware; bridge officers learn about spoofed GPS signals; crew understand phishing.
• Simulated Phishing: Run fake phishing emails via KnowBe4 or Cofense to test awareness. Track clicks and remediate.
• Onboarding Requirements: All new hires receive a cybersecurity familiarization during induction.
• Incident Reporting: Train staff to report anomalies e.g., a pop-up on a navigation terminal, unusual file names.

9. Third Parties & Supply Chain

Goal: Secure external interactions and dependencies.

Best Practices with Examples:

• Cyber Clauses in Contracts: Require vendors to be ISO 27001 certified or provide evidence of secure practices.
• Vendor Access Control: External contractors can only access designated VLANs and cannot plug directly into OT networks.
• Risk-Based Vetting: Evaluate a supplier based on their access level. E.g., HVAC vendor has limited cyber exposure = lower scrutiny.
• USB & Laptop Protocols: External laptops must be scanned for malware before connecting to shipboard networks. Use onboard AV sandbox if available.

10. Documentation & Audit

Goal: Maintain oversight and compliance records.

Best Practices with Examples:

• Policy Repository: Store all cybersecurity documents in a version-controlled central folder (e.g., SharePoint, Git, or Nextcloud).
• Internal Audit: Use monthly checklists to verify log backups, antivirus status, patch level, and access controls.
• External Testing: Hire third-party firms annually to run penetration tests against shipboard and cloud-hosted systems.
• Audit Log Integrity: Store logs using secure and tamper-proof solutions (e.g., syslog with remote timestamping).

Section 1: Governance, Leadership & Policy

Example 1: Establish a Cybersecurity Governance Committee

Actions to Achieve:

• Identify key departments IT, OT, Operations, Legal, Safety) with cyber responsibilities.
• Assign representatives to he committee with decision-making authority.
• Draft a governance charter (define purpose, scope, meeting frequency, KPIs).
• Schedule quarterly meetings and assign a chairperson.
• Set up tracking for risk reviews, policy updates, and incident follow-ups.

Example 2: Appoint a Dedicated Cybersecurity Officer

Actions to Achieve:

• Add a Cyber Officer role to the organizational chart.
• Define their responsibilities: strategy, compliance, risk management, incident response.
• Appoint a qualified candidate (maritime + cybersecurity knowledge).
• Give authority to make and enforce cyber decisions across fleet and shore.
• Provide necessary tools and budget to implement policies.

Example 3: Develop Cybersecurity Policy Aligned with ISO/IEC 27001

Actions to Achieve:

• Identify relevant ISO/IEC 27001 control areas for maritime (e.g., access control, backup, asset management).
• Draft policies including: password complexity, user access, remote login, removable media.
• Consult with legal, HR, and DPA for compliance alignment.
• Translate policies into procedural checklists for ship and office use.
• Communicate to all staff and integrate into onboarding.

Example 4: Include Cyber Risks in Safety Management System (SMS)

Actions to Achieve:

• Revise SMS to include cyber risk scenarios (e.g., loss of ECDIS due to malware).
• Add cyber to internal audit protocols.
• Create risk scoring templates (impact/likelihood) to guide vessel crews.
• Conduct a dry-run audit focused on cyber vulnerabilities.
• Document and track mitigation timelines like physical safety issues.

Example 5: Mandate Annual Executive Cybersecurity Reviews

Actions to Achieve:

• Create an executive-level dashboard with indicators (patch compliance, incidents, vendor risks, training rates).
• Schedule annual briefing sessions for C-suite and DPA.
• Prepare a summary report of the last 12 months' cyber health and risk posture.
• Review budget allocations, control gaps, and upcoming regulatory requirements.
• Log decisions and ensure actions are assigned and followed up.

Example 6: Define Cyber Roles & Responsibilities in Incident Scenarios

Actions to Achieve:

• Map out an escalation matrix (e.g., Crew → Master → DPA → CSO).
• Update the incident response plan to cover who does what and when.
• Include IT and OT stakeholders in role assignments.
• Train crew on reporting protocols (e.g., what to report, when, and to whom).
• Include cyber in monthly or quarterly emergency drills.

Section 2:Asset Management

Example 1: Maintain an Up-to-Date Asset Inventory

Actions to Achieve:

• Use automated discovery tools (e.g., Nmap, Lansweeper, Rapid7) to scan IT/OT networks.
• Identify all onboard systems: navigation (ECDIS, AIS), control systems (PLC, propulsion), and IT systems (email servers, crew Wi-Fi).
• Create an asset register with device type, function, serial number, software/firmware version, location, and network address.
• Update inventory after installations, upgrades, or decommissions.
• Store the inventory in a secured, regularly backed-up central repository.

Example 2: Classify Assets by Criticality

Actions to Achieve:

• Develop a criticality rating system (e.g., High = Safety-critical, Medium = Operational support, Low = Admin use).
• Assign ratings: ECDIS, radar, and GMDSS = High; CCTV system = Medium; printer = Low.
• Link asset criticality to patching, backup, and access control priorities.
• Use classification in risk assessments and incident response planning.

Example 3: Map Network Topology and Segmentation

Actions to Achieve:

• Draw logical and physical network diagrams for each vessel and shore office.
• Highlight segmentation (e.g., OT control network separated from business network by firewall).
• Identify choke points and shared network zones (e.g., if ECDIS and crew Wi-Fi share a switch, address segmentation).
• Review and update diagrams with every change to the network.
• Ensure diagrams are reviewed during audits and risk assessments.

Example 4: Track Firmware and Software Versions

Actions to Achieve:

• Document all software and firmware in use (especially on OT and safety-critical systems).
• Subscribe to vendor alerts and security advisories.
• Set calendar reminders for version reviews and updates.
• Link patching and firmware management to the asset inventory and CMDB.
• Flag end-of-life software for replacement planning.

Example 5: Physically Label Critical Assets and Log USB Use

Actions to Achieve:

• Label critical devices with unique IDs and tamper-evident stickers (especially OT and navigation systems).
• Maintain logs for removable media use (who used what USB on which device, when, and why).
• Place sign-in/out logs in engine control room and bridge.
• Require all USBs to be scanned using onboard antivirus tools before use.
• Train crew on physical security expectations for cyber assets.

Section 3: Risk Assessment

Example 1: Perform Annual or Event-Driven Cyber Risk Assessments

Actions to Achieve:

• Choose a recognized framework (e.g., NIST SP 800-30, ISO 31000).
• Schedule formal assessments annually or when new tech is deployed.
• Assign qualified personnel or external consultants to conduct assessments.
• Document all identified risks with clear descriptions.
• Review and update assessments after incidents or changes in environment.

Example 2: Include Realistic Threat Scenarios

Actions to Achieve:

• Develop threat scenarios relevant to maritime operations (e.g., GPS spoofing, ransomware attack on navigation systems).
• Consult recent cyber incident reports in maritime industry for scenario ideas.
• Use these scenarios in risk workshops with cross-functional teams.
• Update threat scenarios yearly to reflect evolving threats.
• Use scenarios in simulation exercises and staff training.

Example 3: Use a Risk Scoring Matrix (Likelihood x Impact)

Actions to Achieve:

• Define Likelihood levels (e.g., Rare, Possible, Likely).
• Define Impact levels (e.g., Low, Medium, High).
• Combine these to generate risk scores.
• Apply risk scores consistently to all identified threats.
• Prioritize risks with highest scores for remediation.

Example 4: Assess Risks from Third-Party Vendors

Actions to Achieve:

• Identify all vendors with remote or physical access to shipboard systems.
• Develop a vendor risk assessment questionnaire covering cyber hygiene, access controls, and incident history.
• Require vendors to complete assessments before engagement.
• Incorporate vendor cyber risks into overall risk register.
• Monitor and audit vendor compliance regularly.

Example 5: Document Risks and Mitigation Actions in SMS

Actions to Achieve:

• Integrate cyber risk assessment findings into the vessel's Safety Management System.
• Create a risk register log that tracks identified risks, assigned owners, and deadlines.
• Use SMS tools or software to monitor risk mitigation progress.
• Regularly review and update risk status during SMS meetings.
• Ensure clear accountability for risk closure.

Section 4: Protective Controls

Example 1: Implement Role-Based Access Control (RBAC)

Actions to Achieve:

• Define roles clearly (e.g., Bridge Officer, Engineer, Crew Member).
• Assign permissions based on job necessity - no "all access" users.
• Configure systems and network devices to enforce RBAC (e.g., ECDIS admin rights only for Bridge Officers).
• Regularly review role assignments and update when crew changes occur.
• Document access control policies and train crew on access rules.

Example 2: Enforce Multi-Factor Authentication (MFA) for Remote Access

Actions to Achieve:

• Select an MFA solution compatible with ship's VPN or fleet management portals (e.g., Microsoft Authenticator, YubiKey).
• Configure MFA for all users accessing systems remotely.
• Communicate new login procedures clearly to all users.
• Monitor for login failures and suspicious activity.
• Regularly review and update MFA configurations and user list.

Example 3: Use Encryption for Communications and Data Storage

Actions to Achieve:

• Implement TLS 1.2 or higher for all ship-to-shore communications (e.g., email, data telemetry).
• Encrypt removable media using approved tools (e.g., BitLocker, VeraCrypt).
• Establish policies requiring encryption for sensitive files and backups.
• Train crew on encryption use and handling of encrypted devices.
• Test encryption implementation periodically to ensure it's effective.

Example 4: Establish a Patch Management Process

Actions to Achieve:

• Maintain a schedule for reviewing and applying software and firmware patches.
• Subscribe to vendor security bulletins for timely alerts.
• Test patches in a controlled environment if possible before deployment.
• Deploy patches within defined windows (e.g., critical patches within 7 days).
• Document patching activities, exceptions, and monitor for patch failures.

Example 5: Apply the Principle of Least Privilege

Actions to Achieve:

• Review current user permissions to identify excess privileges.
• Adjust permissions so users have only the minimum access required.
• Implement technical controls to prevent privilege escalation.
• Include privilege management in user access reviews.
• Educate crew on the risks of elevated privileges.

Section 5: Detection

Example 1: Deploy Endpoint Detection and Response (EDR) Tools

Actions to Achieve:

• Evaluate and select an EDR solution compatible with shipboard systems (e.g., SentinelOne, CrowdStrike).
• Install EDR agents on all Windows/Linux endpoints, including critical OT devices where possible.
• Configure EDR to monitor for suspicious behaviors like lateral movement, malware execution, or unusual network connections.
• Set alert thresholds and notification procedures.
• Train crew or shore IT on how to respond to EDR alerts.

Example 2: Implement Security Information and Event Management (SIEM)

Actions to Achieve:

• Choose a SIEM platform suitable for maritime and remote environments (e.g., Splunk, Wazuh).
• Configure log collection from critical systems: firewalls, servers, navigation systems, VPN gateways.
• Define use cases and correlation rules to identify anomalies.
• Set up dashboards and automated alerts for key events (failed logins, port scans).
• Ensure secure and redundant log storage with integrity verification.

Example 3: Monitor Network and System Behavior for Anomalies

Actions to Achieve:

• Define baseline "normal" network and system behavior (traffic patterns, port usage).
• Use anomaly detection tools to flag deviations (e.g., unusual port scans, unexpected device communication).
• Integrate alerts with incident response procedures.
• Review anomalies regularly to tune detection thresholds.
• Document and investigate all significant anomalies.

Example 4: Maintain Long-Term Log Retention and Protection

Actions to Achieve:

• Set log retention policies compliant with maritime regulations and company policy (e.g., 6-12 months).
• Use secure storage methods such as write-once-read-many (WORM) media or encrypted archives.
• Regularly back up logs to offline or cloud repositories.
• Implement access controls to prevent log tampering.
• Periodically audit log integrity.

Example 5: Configure Alerts for Suspicious Activities

Actions to Achieve:

• Define key suspicious activities (multiple failed logins, new device connections).
• Program alerting rules in SIEM and EDR platforms.
• Set escalation protocols for critical alerts.
• Train designated staff to respond quickly to alerts.
• Test alert workflows with simulated incidents.

Section 6: Response

Example 1: Develop a Cyber Incident Response Plan (CIRP)

Actions to Achieve:

• Define incident categories and severity levels.
• Document step-by-step response procedures for each incident type.
• Identify key roles and responsibilities (incident commander, technical responders, communications lead).
• Include escalation and notification protocols (internal & external).
• Ensure the plan covers both IT and OT environments.

Example 2: Establish an Incident Response Team (IRT)

Actions to Achieve:

• Identify staff members from IT, OT, operations, legal, and communications.
• Define team roles and ensure 24/7 availability or on-call coverage.
• Provide specialized training on incident response procedures.
• Conduct regular tabletop exercises and simulations.
• Document and update team contact information regularly.

Example 3: Implement Incident Reporting and Escalation Procedures

Actions to Achieve:

• Create simple and clear reporting channels for crew and shore staff.
• Define criteria for incident escalation based on severity.
• Develop standardized incident reporting forms.
• Train staff on when and how to report incidents.
• Ensure all reports are logged and tracked in a central system.

Example 4: Establish Communication Plans for Stakeholders

Actions to Achieve:

• Identify internal and external stakeholders (crew, management, regulators, vendors).
• Prepare templates for initial incident notifications and updates.
• Assign a communications lead to coordinate messaging.
• Plan for secure communication channels to avoid information leaks.
• Include guidelines for public and media communication, if applicable.

Example 5: Conduct Post-Incident Reviews and Lessons Learned

Actions to Achieve:

• Schedule a formal review meeting after every significant incident.
• Collect and analyse incident data: root cause, timeline, impact.
• Document lessons learned and update policies and procedures.
• Share findings with all relevant personnel.
• Track implementation of corrective actions.

Section 7: Recovery

Example 1: Develop a Disaster Recovery Plan (DRP) for Cyber Incidents

Actions to Achieve:

• Define recovery objectives (RTO, RPO) for critical systems.
• Document step-by-step recovery procedures for key assets (navigation, communication, IT systems).
• Assign recovery roles and responsibilities.
• Include fallback options and manual procedures if systems remain down.
• Regularly review and update the DRP based on changing tech and threat landscape.

Example 2: Maintain Regular and Secure Backups

Actions to Achieve:

• Identify critical data and systems that require backups.
• Implement automated backup schedules (daily/weekly) with versioning.
• Store backups securely, offsite or in the cloud, with encryption.
• Regularly test backup restoration procedures to ensure integrity.
• Document backup policies and train crew on handling backups.

Example 3: Implement Redundancy and Failover Mechanisms

Actions to Achieve:

• Deploy redundant hardware for critical navigation and communication systems.
• Configure automatic failover for network connectivity (e.g., satellite to cellular).
• Test failover systems regularly to ensure reliability.
• Document failover procedures in recovery plans.
• Train crew on how to manage failover scenarios.

Example 4: Conduct Recovery Drills and Simulations

Actions to Achieve:

• Plan regular drills simulating cyber incidents leading to system failure.
• Involve both shipboard and shore-based teams.
• Evaluate the effectiveness of recovery procedures and update plans accordingly.
• Document drill outcomes and lessons learned.
• Integrate drill results into training programs.

Example 5: Coordinate with External Support and Vendors

Actions to Achieve:

• Establish communication channels with key vendors and cybersecurity response teams.
• Define support expectations and SLAs in vendor contracts.
• Maintain up-to-date contact lists for rapid assistance.
• Include vendor involvement in recovery plans and drills.
• Review vendor performance after incidents and drills.

Section 8: Training and Awareness

Example 1: Conduct Mandatory Cybersecurity Awareness Training for All Crew and Staff

Actions to Achieve:

• Develop or adopt maritime-focused cybersecurity training modules.
• Schedule onboarding and annual refresher courses for all personnel.
• Track attendance and completion rates in training management system.
• Include practical examples like phishing, USB hygiene, and password management.
• Gather feedback to improve training relevance and engagement.

Example 2: Run Targeted Training for IT, OT, and Bridge Personnel

Actions to Achieve:

• Design specialized modules addressing specific roles (e.g., OT system hardening for engineers).
• Provide hands-on workshops on incident detection and response.
• Update training content regularly based on new threats and lessons learned.
• Require certification or assessment to ensure comprehension.
• Encourage knowledge sharing through team meetings and bulletins.

Example 3: Promote a Cybersecurity Culture Onboard

Actions to Achieve:

• Launch awareness campaigns highlighting cyber risks and best practices.
• Reward positive behaviour (e.g., reporting suspicious emails).
• Post visible reminders and quick guides in common areas.
• Foster open communication for reporting incidents without fear.
• Involve leadership in promoting cybersecurity as a priority.

Example 4: Simulate Phishing Attacks and Social Engineering Tests

Actions to Achieve:

• Partner with cybersecurity vendors or use internal tools to run simulated phishing campaigns.
• Analyze results to identify vulnerable individuals or departments.
• Provide immediate feedback and targeted training.
• Track improvements over time.
• Ensure simulations are safe, non-punitive, and educational.

Example 5: Keep Training Content Updated with Industry Trends

Actions to Achieve:

• Subscribe to maritime cybersecurity newsletters and advisories.
• Attend relevant conferences and webinars.
• Update training material quarterly or after major incidents.
• Incorporate lessons from real-world cyber attacks on ships.
• Solicit input from crew and IT teams to ensure relevance.

Section 9: Monitoring and Audit

Example 1: Conduct Regular Internal Cybersecurity Audits

Actions to Achieve:

• Develop an audit schedule covering all critical systems and processes.
• Use standardized audit checklists based on IMO guidelines and standards like ISO 27001.
• Train internal auditors or hire external experts.
• Document findings, non-conformities, and corrective actions.
• Follow up to ensure remediation and continuous improvement.

Example 2: Implement Continuous Security Monitoring

Actions to Achieve:

• Deploy network and endpoint monitoring tools (e.g., IDS/IPS, EDR).
• Configure real-time alerts for unusual activities.
• Assign staff to review and respond to alerts promptly.
• Maintain logs in secure, tamper-proof storage.
• Regularly review monitoring tools and update configurations.

Example 3: Perform Vulnerability Scanning and Penetration Testing

Actions to Achieve:

• Schedule periodic vulnerability scans on IT and OT networks.
• Engage third-party experts for annual penetration tests.
• Prioritize findings by severity and potential impact.
• Develop and track remediation plans for identified vulnerabilities.
• Document all testing results and share with management.

Example 4: Review Compliance with Regulatory and Industry Standards

Actions to Achieve:

• Maintain a compliance matrix aligned with IMO MSC-FAL.1/Circ.3 and other relevant standards.
• Schedule compliance reviews alongside internal audits.
• Keep updated with changes in maritime cybersecurity regulations.
• Report compliance status to senior management and flag gaps.
• Implement corrective actions promptly.

Example 5: Audit Third-Party Vendor Security Controls

Actions to Achieve:

• Include cybersecurity requirements in vendor contracts.
• Conduct periodic vendor audits or require third-party audit reports.
• Monitor vendor adherence to security policies and incident response capabilities.
• Address findings with vendors and track remediation.
• Consider cybersecurity posture in vendor renewal decisions.

Section 10: Continuous Improvement

Example 1: Conduct Regular Cybersecurity Program Reviews

Actions to Achieve:

• Schedule quarterly or biannual program evaluations.
• Assess effectiveness of policies, controls, and training.
• Collect feedback from all levels crew, IT, management.
• Identify gaps or outdated practices.
• Adjust strategies and resources accordingly.

Example 2: Analyze Incident and Audit Findings for Trends

Actions to Achieve:

• Maintain a centralized database of incidents and audit results.
• Use analytics tools to identify recurring issues or weak points.
• Share trend reports with governance and technical teams.
• Prioritize improvements based on risk and impact.
• Track implementation of corrective measures.

Example 3: Update Cybersecurity Policies and Procedures

Actions to Achieve:

• Review policies at least annually or after significant changes.
• Incorporate lessons learned from incidents and audits.
• Ensure alignment with new regulations and industry best practices.
• Communicate updates promptly to all stakeholders.
• Archive previous versions for reference.

Example 4: Foster a Culture of Continuous Learning and Adaptation

Actions to Achieve:

• Encourage staff to attend trainings, workshops, and conferences.
• Promote knowledge sharing sessions onboard and ashore.
• Recognize and reward proactive cybersecurity behavior.
• Stay informed on emerging threats and mitigation techniques.
• Integrate new technologies and processes thoughtfully.

Example 5: Implement Feedback Loops for Cybersecurity Improvements

Actions to Achieve:

• Establish channels for crew and staff to report suggestions and concerns.
• Review feedback regularly and assess feasibility.
• Pilot new ideas or tools before full deployment.
• Communicate back on actions taken based on feedback.
• Use feedback as input for program reviews and updates.