02.10.2012

UK Government release 10 Steps to Cyber Security advice sheet


The UK government, via CESG, the Information Security arm of GCHQ, has recently released a document entitled “10 Steps to Cyber Security”. The full document is available at http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1121-10-steps-to-cyber-security-advice-sheets.pdf

The 10 areas of focus within the document are given two pages each for further review and are as follows:

• Home and Mobile Working
• User Education and Awareness
• Incident Management
• Information Risk Management Regime
• Managing User Privileges
• Removable Media Controls
• Monitoring
• Secure Configuration
• Malware Protection
• Network Security

Overall, it is very important that the government is being proactive in highlighting the online threat landscape for businesses, and the references to control frameworks such as ISO 27000 are welcome. On the other hand, the fact that 3rd party service providers and [often exploited] online interfaces are not referenced appears to be a massive oversight.

Unfortunately, many of the control frameworks are not easily found online. For example, the controls referenced are familiar from the PCI DSS, ISO 27000, the Code of Connection, Public Sector Network and IL3 requirements. Not all of these standards are freely distributed. Sources of training and other informational material for the above would also be of enormous value to those perusing the document, as otherwise it appears to come to a ‘dead end’.

SANS, NIST and CIS for secure systems baselines and the ‘Think Privacy’ campaign for user awareness are examples of excellent resources. Other controls, achieved through the implementation of sound and considered policies for users, passwords and audit logs, can also draw on the SANS, NIST and CIS documents as well as Microsoft and other online resources.

If you are concerned about your "Cyber Security" or security and compliance and don't know where to start, please feel free to give me a call/email (07889 183207 - andrew.barratt@ptpconsultingllp.com).

Contact Details Mobile - 07889 183 207 Skype - andrewbarratt andrew.barratt@coalfire.com Andrew is an experienced IT and Information Security Consultant, PCI DSS advisor and QSA. As a…
