Security advice

Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email

Cyber security

Almost every business relies on the confidentiality, integrity and availability of its data. Protecting information, whether it is held electronically or by other means, should be at the heart of the organisation’s security planning. The key questions to keep under constant review are:

  • Who would want access to our information and how could they acquire it?
  • How could they benefit from its use?
  • Can they sell it, amend it or even prevent staff or customers from accessing it?
  • How damaging would the loss of data be? What would be the effect on its operations?

CPNI provides a range of guidance documents and technical notes aimed at improving practices and raising awareness of current issues related to information security. The following sections set out this information in more detail.

Critical Security Controls

The Critical Security Controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. CPNI is participating in an international government-industry effort to promote the Critical Security Controls for computer and network security. The development of these controls is being coordinated by the SANS Institute.

Critical Security Controls

iDATA: improving Defences Against Targeted Attack

The aim of this project is to establish an improved understanding of the motives and methods used by threat actors/attackers to inform proportionate and effective Cyber defences. CPNI is utilising both open and sensitive reporting to support the initiative.  We are also sponsoring a range of activities across industry and academia to provide relevant and timely advice into the Critical Controls programme and directly to owners of those services, systems and data that are critical or economically important to the UK.

iDATA: improving Defences Against Targeted Attack

Trustworthy Cyber Infrastructure (TCI)

This programme aims to improve the trustworthiness (safety, reliability, availability, security & resilience) of services, systems and data that are critical or economically important to the UK. CPNI is working with research and knowledge experts to provide better understanding and improved methods that can then be used proportionately by a wide range of communities to increase ‘trustworthiness’.  CPNI also provides information on forthcoming trends and technologies that are likely to provide a positive or detrimental impact to current perceptions.

Trustworthy Cyber Infrastructure (TCI)

Cyber insiders

An insider is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage their employer. These days, most insider acts involve IT exploitation termed “Cyber Insider”.  We are engaged with industry and academia through a broad range of research initiatives that aims to improve IT monitoring capabilities to identify insider precursors and behaviour; raising awareness in employer and employee communities about insider threats; establish methods for designing IT and policies to deter staff from committing insider acts; Designing IT and work practices to block insider acts.

Cyber insiders

SCADA

Almost all critical industrial infrastructures and processes are managed remotely from central control rooms, using computers and communications networks. The flow of gas and oil through pipes, the processing and distribution of water, the management of the electricity grid, the operation of chemical plants, and the signalling network for railways. These all use various forms of process control and 'supervisory control and data acquisition' - known as SCADA technology.

SCADA

DDoS best practice

A Denial-of-Service (DoS) attack involves a malicious attempt to disrupt the operation of a computer system or network that is connected to the Internet. The most common form of attack is one which disrupts the operation of the computer system or network by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.

DDoS best practice

Mobile devices

Over recent years, business has seen a trend away from office based working towards more flexible, mobile working. As part of these changes, there are now many more devices that are commonly used by organisations - laptops, USB storage, smartphones and tablets.

Mobile devices

Password advice

Passwords are widely used to prevent unauthorised access to systems and/or material. CPNI have been encouraged to pull together content, relating to the use of passwords, contained within version 4 of the Critical Security Controls.

Password advice

Good practice catalogue

Below is a catalogue of cyber and cyber related guidance that has been produced by CPNI. The guidance is sorted alphabetically with all guidance older than 2010 filed under the archive tab at the bottom of this page.

Good practice catalogue

Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email