The UK government, via CESG (the Information Security Arm of GCHQ), have recently released a document entitled “10 Steps to Cyber Security”. The full document is available at http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1121-10-steps-to-cyber-security-advice-sheets.pdf
The 10 areas of focus within the document are given two pages each for further review and are as follows:
• Home and Mobile Working
• User Education and Awareness
• Incident Management
• Information Risk Management Regime
• Managing User Privileges
• Removable Media Controls
• Monitoring
• Secure Configuration
• Malware Protection
• Network Security
Overall, it is very important that the government are being proactive in highlighting the online threat landscape for businesses, and the references to control frameworks such as ISO 27000 are welcome. On the other hand, the fact that third-party service providers and (often exploited) online interfaces are not referenced appears to be a massive oversight. Unfortunately, many of the control frameworks are not easily found online. For example, the controls referenced are familiar from the PCI DSS, ISO 27000, the Code of Connection, Public Sector Network and IL3 requirements. Not all of these standards are freely distributed.
Sources of training and other informational material for the above would also be of enormous value to those perusing the document, as otherwise it appears to come to a ‘dead end’. SANS, NIST and CIS for secure systems baselines and the ‘Think Privacy’ campaign for user awareness are examples of excellent resources. Other controls, achieved through the implementation of sound and considered policies for users, passwords and audit logs, can also draw on the SANS, NIST and CIS documents as well as Microsoft and other online resources.