UK’s Cybersecurity Policy For Business

Uploaded on 2016-06-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The British Government has decided to embrace cloud computing as a way of combating cyber-attacks.

The UK Government is a global leader in promoting public sector use of cloud technology for example, Transport for London's contactless payment system was introduced far ahead of similar public transportation networks across the world. 

However, like all organisations, it is under increasing pressure to generate cost savings, increase efficiencies and improve services, which are a few of the reasons why the Government has decided to embrace cloud computing as a way of combatting cyber-attacks.

In truth, cyber-security related issues now cost British businesses a total of £34 billion a year, according to a joint study undertaken in 2015 by the Centre for Economics and Business Research (Cebr) and Veracode. Nearly £18 billion of that figure is attributed to lost revenue, while £16 billion relates to increased IT spend as a result of breaches. Equally worrying is that 34 percent of cyber-crime aimed at UK organisations relates to intellectual property ‘IP' theft, a ‘crown jewel' for many businesses.

It is statistics like these that have led the UK Government to significantly increase its cyber-crime budget. However, the message remains clear, that all organisations, including those in the private sector, must take charge of their own security, through both use of technology and by promoting higher levels of employee awareness. Here are 14 suggestions that everyday businesses can learn from the Government and should consider when creating their own cyber-security protection framework:

1.     Protecting moving data - Consumer data moving in-between networks should be adequately protected against tampering and eavesdropping, through a combination of network protection and encryption

2.     Asset protection and resilience - Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or removal

3.     Separation between consumers - Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another

4.     Governance framework - The service provider should have a security governance framework in place that coordinates and directs their overall approach to the management of the service and information

5.     Operational security - The service provider should have processes and procedures in place to ensure the operational security of the service

6.     Personnel security - Service provider staff should be subject to personnel security screening and security education before starting their role

7.     Secure development - Services should be designed and developed to identify and mitigate threats to their security

8.     Supply chain security - The service provider should ensure that its supply chain supports all security principles that need to be implemented

9.     Secure consumer management - Consumers should be provided with the tools required to help them securely manage their service

10.  Identity and authentication - Access to all service interfaces (for consumers and providers) should be controlled to authorised individuals

11.  External interface protection - All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them

12.  Secure service administration - The methods used by the service provider's administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service

13.  Audit information provision to consumers - Consumers should be provided with the audit records they need to monitor access to their service and the data held within it

14.  Secure use of the service by the consumer - Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected

While designed for public sector organisations, these principles provide a solid framework for supporting secure cloud adoption across all industries. Trust and security remain paramount drivers, alongside industry-specific requirements, with the list above providing a solid framework for selecting a cloud services provider.

It's clear that Government IT projects are moving to the cloud, but security still remains front of mind throughout this transformation. At a time when doing more with less is essential, policy myths and data classification confusion are slowing cloud adoption. The announcement of the EU-US privacy shield represents a vital step in maintaining data flows and strengthening confidence around security in the cloud.

SC Magazine

« Preliminary Agreement On Airline Cybersecurity
Video-Gaming Is The Next Cybercrime Target »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.