I posted a note on cyber security on my linkedin blog. I post some pointers on the standards and controls needed to defend against a cyberattack and implement “adequate technical and organisational” protection. It looks and links at the NIST cyber-security framework and lists some of the necesary controls to implement a reasonable defence and prove “adequate technical and organisational” controls. If you do what I suggest badly, you might get away with it, if you do it well, you might stop and or recover from attacks.
On Cyber-security