CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

Transcription

1 CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

2 Building resilience: 10 Steps to Cyber Security 1. Information Risk Management Regime 2. Secure Configuration 3. Network Security 4. Managing User Privileges 5. User Education and Awareness

3 Building resilience: 10 Steps to Cyber Security 6. Incident Management 7. Malware Prevention 8. Monitoring 9. Removable Media Controls 10. Home and Mobile Working

4 Building resilience Adopt the Cyber Essentials or Cyber Essentials Plus cyber security controls Look at CESG s guidance on cloud security

5 Building resilience Improve your own awareness for simple advice on keeping safe online look at the keepsafeonline.org website Look at CESG s guidance on use of mobile devices

6 Sharing good practice Join the Cyber-security Information Sharing Partnership (CiSP), part of CERT-UK allows members from across sectors and organisations to exchange cyber threat information in real time, on a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information

7 Cross cutting knowledge, skills and capability Meeting UK Cyber Security Strategy Objective 4, of building the UK s cross-cutting knowledge, skills and capability to underpin all cyber security objectives, by extending knowledge and enhancing skills Develop a Cyber Security Profession Outcome 1 There is an increased pipeline of a cyber capable workforce. Develop the Workforce of the Future Apprenticeships Certification of Masters Degrees Academic Centres of Excellence for Education Cyber Security Challenge Develop the Workforce of Today CESG Certified Professional Scheme CESG Certified Training Scheme Outcome 2 There is a sustained supply of competent cyber security professionals available, adequate to meet growing demand levels. Research Institutes Outcome 4 The UK is recognised as having a leading edge cyber security research capability that can be exploited where appropriate. Users / Basic Cyber Security Knowledge Academic Centres of Excellence for Research Massive Open Online Course Increase Cyber Security Research Key = Activity is delivering benefits Sponsorship of PhD students Centres for Doctoral Training = Activity has started = Management activity Long-term Sustainability Finance / Legal / HR / Professional Business Services CEOs / Seniors / Boards Influence Associated Professions and the Wider Workforce Procurement Understand, Manage, Promote and Sustain Outcome 3 Appropriate cyber security knowledge is part of the day job for relevant non-cyber security professionals across the public and private sectors. Outcome 5 Cyber security knowledge and skills are understood and managed to exert a positive influence over the demand and supply of the cyber workforce.

8 Cyber skills training for workforce CESG Certified Training Awareness courses - useful for those new to the profession or to a specialism. Examples: Introduction to Cyber Security (from The Open University) Cyber Security for Information Asset Owners (IAOs) (from The National Archive) Certificate in Information Security Management Principles (from QA or Ultima Risk Management) Free online course about online security, introducing different types of malware and concepts such as network security, cryptography, identity theft and risk management Information assurance and cyber security are more than just concerns for your IT department how to protect your organisation and its information assets 5-day course covering the knowledge and skills required to manage information security and information risk processes

9 CESG Certified Training courses Application level - specialist courses providing a detailed insight and understanding. Suitable for people in a cyber security role wanting to develop new skills. Examples: CompTIA Security+ (from Bluescreen IT) Includes network security, operational security, threats and vulnerabilities, access control and identity management Technical Cyber Auditing, Cyber Essentials Plus (from IASME) Good cyber security practice to protect organisations from the most common cyber threats

10 QUESTIONS?? or