A guide from the [[National Cyber Security Centre|NCSC]] Three broad themes: Implement, prepare, understand Ten...steps, I guess? 1. [[risk management]] 2. engagement and training 3. asset management 4. architecture and configuration 5. vulnerability management 6. identity and access management 7. data security 8. logging and monitoring 9. incident management 10. supply chain security