Cyber Security

Last Updated 24 October 2021

Effective protective security depends on the use of a variety of measures to detect, deter and delay any attack. Cyber security measures should form part of a multi-layered approach that includes physical and personnel/people security.

Information technology is increasingly integrated into everyday life – the world is a more open and connected place. Every business relies on the confidentiality, integrity and availability of its data. Our essential services rely on the integrity of cyberspace and the infrastructure, systems and data that underpin it. However, cyber-related threats are one of the most significant risks to the UK, which is why cyber security is increasingly important to ensure the best protection.

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cyber security, bringing together capabilities developed by CPNI, CESG, CERT-UK and the Centre for Cyber Assessment. The NCSC helps to make the UK the safest place to live and work online - from individual citizens to the largest and most critical organisations.

The latest cyber security advice and guidance, including threat advice and guidance aimed specifically at those with an interest in UK CNI, is available on the NCSC website. You can find out more about what the NCSC do on their website.

Network and Information Systems (NIS)

The EU Directive on the security of network and information systems (NIS) became UK law in May 2018. This Directive places requirements on companies and organisations providing essential services in a number of critical national infrastructure sectors. The Directive is concerned with the security and resilience of networks and IT systems.

The NCSC’s website includes the Cyber Assessment Framework (CAF), providing guidance for organisations responsible for vitally important services and activities. This includes information on the implementation of the Directive, NCSC’s role, and the support it provides to companies required to comply.

There will be occasions when networks and IT systems are affected by factors relating to personnel and physical security. CPNI has a range of published guidance on these security disciplines which may be of interest and use to companies that fall under the NIS; these include general measures on personnel security and more specific physical measures designed to protect sensitive information.