UK STANDARDS & FRAMEWORKS
Given the threats to an organisation's information, it is essential that both large and small organisations implement effective but workable controls, so that their information is kept secure without hindering the ability of employees to do their jobs.
The first step for any organisation is to carry out a comprehensive risk assessment of its information assets. Synovum recommends the use of either ISO/IEC 27005:2011 or NIST SP800-30r1.
Following the initial risk assessment, an organisation should implement a number of controls (logical/technical, physical and administrative) to mitigate the identified risks, unless it has decided to accept or avoid those risks instead.
The UK-based standards and frameworks described below can, if implemented, provide some measure of confidence that the most common attack vectors have been mitigated to some extent.
In June 2014, the UK government launched the 'Cyber Essentials' scheme. The scheme, which is aimed at small and medium sized businesses (SMEs), complements the previous guidance documents '10 Steps to Cyber Security' and the 'Small Businesses: what you need to know about Cyber Security' guide published in 2013.
The scheme identifies and focuses on five principal areas that businesses of all types and sizes must consider as "the essential" foundation of their cyber security: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.
Organisations can choose between the basic certification and the 'Plus' option, under which additional technical tests are carried out by an external certifying body.
Originally published in 2012, the UK government's '10 Steps to Cyber Security' provides guidelines for organisations to follow so that they can remain safe and secure.
As with the CIS 20 controls, implementing these 10 steps can go a long way towards mitigating the risk from the most common cyber attack vectors.
Working with the above standards and frameworks issued by the UK Government, Synovum can help your organisation to become 'cyber-secure' and protect your information assets through a comprehensive review and implementation of the necessary controls. Please contact us for more information.
Mark Rogers, FCO Services