UK government publishes minimum cyber security standard
The UK government has published a minimum cyber security standard, which can be used by any organisation to improve its defence against cyber attacks.
In the document are the minimum security measures that government departments are now expected to implement in order to protect their information, technology and digital services. It will help them meet their Security Policy Framework (SPF) and National Cyber Security Strategy obligations.
It is the first cyber security technical standard the government has developed in collaboration with the National Cyber Security Centre (NCSC). It will be incorporated into the Government Functional Standard for Security.
According to the published document: “The standard presents a minimum set of measures and departments should look to exceed them wherever possible.
“Over time, the measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of new Active Cyber Defence measures that departments will be expected to use and where available for use by suppliers.”
Active Cyber Defence is a programme designed by the National Cyber Security Centre, which aims to tackle cyber attacks in a relatively automated and scalable way to improve the country’s resilience.
It revolves around four programmes – Web Check, DMARC, Public Sector DNS and a takedown service. They have resulted in the UK share of visible global phishing attacks dropping from 5.3 per cent in June 2016 to 3.1 per cent in November 2017. Active Cyber Defence also removed 121,479 phishing sites hosted in the UK, and 18,067 worldwide spoofing UK government authority.
Compliance with the new minimum security standards can be achieved in many ways, according to the government, depending on the technology choices and business requirements in question.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.