Links to best practice, governmental resources, and free advice

The following post has been archived

10 Steps to Cyber Security

The Ten Steps is a Department for Business, Innovation and Skills (BIS) publication which aims to help businesses prevent or deter most cyber-attacks. The Executive Companion offers guidance for business on how to make the UK’s networks more resilient and protect key information assets against cyber threats. It covers risk management and corporate governance and includes case studies based on real events. The advice sheets provide detailed cyber security information and advice in 10 important technical and process/cultural areas.

BIS advice for small businesses

BIS have issued a publication setting out what small businesses need to know about cyber security. The document explains the threat to small businesses who are increasingly under attack. It explains how they can ensure that they are protected through:

  • managing risk
  • providing staff awareness and training
  • increasing network security and protection against malware
  • providing guidance for businesses that outsource their IT service

By taking this advice, small businesses protect their assets, customers and their peace of mind. They can save money through more efficient security controls, and gain competitive advantage by being seen to take security seriously.

Cyber Essentials

Cyber Essentials is a new Government-backed and industry-supported scheme to guide businesses in protecting themselves against cyber threats. The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry. The Cyber Essentials documents are free to download and organisations can use them to protect themselves against the most common cyber threats. Cyber Essentials is for all organisations, of all sizes, and in all sectors.

Cyber Streetwise

Cyber Streetwise is a campaign to help us all be a bit more measurably streetwise online, making it harder for cyber criminals to access personal data, or steal identities and financial information.

20 Critical Controls

The 20 controls (and sub-controls) focus on various technical measures and activities, with the primary goal of helping organisations prioritise their efforts to defend against the current most common and damaging computer and network attacks.

Cloud Security Principles

Cloud Security Guidance summarises the essential security principles to consider when evaluating cloud services, and why these may be important to your organisation. Some cloud services will fulfil all of the security principles, while others only a subset.

Cloud Risk Management Guidance

The Council of Registered Ethical Security Testers (CREST)

CREST members provide penetration testing services with guarantees that the work will be carried out by qualified individuals with up-to-date knowledge of the latest vulnerabilities and techniques used by real attackers. CREST members also have appropriate policies, processes and procedures for conducting this type of work and for the protection of client information. CREST-assessed companies can also help organisations plan for, manage and recover from significant cyber security related incidents.

Centre for the Protection of National Infrastructure (CPNI)

CPNI provides a range of guidance documents and technical notes aimed at improving practices and raising awareness of current issues related to information security. These cover such varied topics as threats, security on mobile devices, SCADA (Supervisory Control and Data Acquisition) systems, password advice and incident recovery.

Cyber-security Information Sharing Partnership (CiSP)

CiSP is a joint, collaborative initiative between industry and government to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact upon UK business. Any UK-registered company or other legal entity which is responsible for the administration of an electronic communications network in the UK is eligible to apply for membership of the CiSP collaboration environment.

Information Commissioner’s Office (ICO)

The ICO website has general advice on cyber security, and specific advice on what to do if you suffer loss of data. The ICO has a number of tools available to change the behaviour of organisations and individuals that collect, use and keep personal information. They include criminal prosecution, non-criminal enforcement and audit. The Information Commissioner also has the power to serve a monetary penalty notice on a data controller.

GOV.UK cyber pages

The cyber webpage (“Keeping the UK Safe in Cyberspace”) sets out the policy context for UK cyber; provides an overview of the issues; provides links to key policy documents; and sets out what actions have already been taken to achieve the aims of the UK Cyber Security Strategy.

The UK Cyber Security Strategy

Protecting and promoting the UK in a digital world