Security best practice guidelines

McAfee and the Digital Government Security Forum (DGSF) release a new report which explores the cyber risks confronting government and offers recommendations to mitigate these risks, entitled ‘Operating Securely in the Digital World’. The report provides the outlines of two tools, a suggested Review Process and proposed Development Framework to help boards, senior managers and information teams in organisations that would like to review their information security strategies and governance arrangements.

  • 10 years ago Posted in

Since its launch in March this year, the DGSF actively engaged with civil servants, cyber specialists and technology providers to help guide the development of the Forum and to assist in quality assuring the work produced through the initiative. The report identifies four high priority areas, for government to address as it continues to make greater use of technology to meet austerity targets and improve the delivery of digital public services:


§ Lack of awareness of information security threats at board level, causing organisations to fail to provide reassurance that they are meeting their information security responsibilities and cost effectively managing information and cyber threats
§ Concerns over data security blocking efforts to boost collaboration, data sharing, BYOD and more efficient working at a time when government and public services are under pressure to deliver more at lower cost
§ Interfaces between different organisations are key danger points as the government’s prime objective is to join up services and promote greater partnership working and collaboration across sectors
§ Legacy systems which were not designed for the digital age which have encouraged legacy thinking in terms of information security, often resulting in fragmented and siloed security arrangements


John Thornton, secretary to the Digital Government Security Forum says: “Overall, the UK has made huge progress in information handling and data security following the series of high profile breaches in recent years. There is however no room for complacency. Organisations need to think in terms of security-by-default to deliver digital-by-default and share information in order to counter cyber threats. Cybercrime is global in nature and a strong public-private partnership is crucial to create an environment where public sector organisations can work together for mutual benefit.”


The DGSF’s recommendations to boards and senior managers are:
§ Be aware of your risks and put foundations into place: Identify key risks, vulnerabilities and critical information assets; implement basic controls and proactively manage information risks
§ Embrace technology: Ensure that the security technology infrastructure includes comprehensive threat intelligence, risk and behavioural analytics, and robust, resilient and automatic threat protection
§ Use improved information security as an enabler: Support and make possible the savings, service developments and efficiency improvements the digital world offers once security barriers have been removed
§ Develop a culture that embraces change: Share experience and expertise across the public sector to boost confidence from citizens, businesses and government itself into these digital systems


James Stirk, director, government, healthcare, education & CI at McAfee concludes: “At a national level, the UK is taking very seriously the importance of cyber threats and information security. However as modern government is primarily about joining-up services, partnership working and collaboration across sectors to deliver more responsive and cost effective services, more work needs to be done to iron out perceived barriers and make it more simple to join-up digital services and share information securely. This report provides tools and guidelines which we hope will help boards, senior managers and information teams in organisations that would like to review their information security strategies and governance arrangements.”
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...