Cyber Security & Resilience Initiatives By UK Government

By Shardul Singh on September 20, 2015

Due to UK’s political and economic significance, UK based institutions and core infrastructure faces a high Cyber risk. In the last 2-3 years HM Government and other public institutions have started initiatives to build framework and address the Cyber risk at all three key levels:

End-Users: Cyber Streetwise

Small & Medium Businesses: Cyber Essentials & Cyber Essentials Plus

Businesses Core to UK’s Financial Stability: Cyber Resilience / CBEST

Cyber Streetwise is an awareness campaign primarily targeted for non-IT background end users to encourage them to implement Cyber Security Best practices such as Strong Passwords, regular use of anti-virus and software upgrades and security tips relating to social media and online shopping. As part of the campaign, government is spreading awareness to masses through tweets, YouTube videos and advertisements in Underground trains.

Cyber Essentials & Cyber Essentials Plus is targeted for Businesses and even mandatory for central government contracts that involve handling of personal information and providing Information & Communication Technology (ICT) related services.

Cyber Essentials is the first step in the process and is based on a self-assessment questionnaire that Businesses complete and submit to an authorised agency to review.

Cyber Essential Plus is the second stage in the process and includes penetration testing of the key IT infrastructure of the business under review.

This will certainly help the businesses to think about and implement the minimum controls that they should put in place to protect clients’ personal information.

CBEST Cyber Resilience Framework is targeted to the Core Financial institutions in UK such as Banks, Building Societies, Insurers, Clearing Houses etc. It is different from conventional penetration tests as it is a bespoke, intelligence-led cyber security test framework. More details about CBEST such as CBEST Implementation Guide, FAQs, approved vendors etc. can be found at the Bank of England website.

 

Shardul Singh

Author

Shardul Singh

FRM, CISA, CISSP FinTech Risk & Audit Consultant