UK Government IA Recent Changes and Update
- Lilian Atkinson
- 8 years ago
Transcription
1 UK Government IA Recent Changes and Update
2 INTRODUCTION
Agenda
Part 1
- Government IA and Cyber Security Background
- Quick Threat Update
- UK Government Cyber Security Initiative
- Government Asset Control in terms of Protective Markings
- PSN Drivers, Anatomy and Terminology
Part 2
- Government IA Developments
- Procurement Notes
- New GCS
- Security Accreditation
Presenter: Paul Bright
3 CYBER SECURITY INITIATIVE
Threat Overview
- Cyber security threat increasing
- Nation states are now buying a cyber attack capability
- Threats exist against the critical national infrastructure
- The worst breach cost, on average, 65, ,000 for small businesses and 600,000 1,150,000 for large organisations, 2014 Information Security Breaches Survey.
Low level assets
- Vast array of official data, including Machinery of Government data is not sensitive, but some OFFICIAL data has to be of course.
- Drive to protect lower level (OFFICIAL) data against high end states is not as strong as it was.
4 CYBER SECURITY INITIATIVE
Objectives
- The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace.
- The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.
- The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies.
- The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
5 CYBER SECURITY INITIATIVE
Aspiration by 2015 is the UK is in a better position where:
- law enforcement is tackling cyber criminals;
- citizens know what to do to protect themselves;
- effective cyber security is seen as a positive for UK business;
- a thriving cyber security sector has been established;
- public services online are secure and resilient; and
- the threats to our national infrastructure and national security have been confronted.
6 GCS
Government Classification Scheme
- The new Government Classification Scheme (GCS) in place since 6 Apr 2014
- Previous Government Protective Marking Scheme (GPMS) marked according to BILs: BIL6: Top Secret, BIL5: SECRET, BIL4: Confidential, BIL3: Restricted. Also PROTECT for BIL1 or 2 and then NPM for BIL0
- The last changes introduced after Cabinet Secretary found RESTRICTED on a note attached to a fridge.
7 ASSET CONTROL
Low level asset control still a challenge
- The challenge of securing the fridges has not gone away - press report of 19 Nov 2014 reported lock placed on the Chancellor's fridge in the Treasury to protect the milk!
- Customers are still linking classifications to Impact Levels
[Press headline: George Osborne 'locks milk in Treasury fridge', says his deputy Danny Alexander]
8 Public Services Network (PSN)
Background
- Before, Departments, agencies, local authorities, police authorities had their own network.
- At least 2000 networks existed, connecting around 5.5 million public sector workers over hundreds of sites.
- Work with these bodies to rationalise and standardise the networks was needed and to save on costs.
PSN Aims
- Make savings on duplicated connections, multiple procurements and service and maintenance overheads
- Enhance the ability for collaborative working between departments - deliver service efficiency and enable the sharing of sensitive information
- Make mobile working easier, offering potential savings from flexible working and better use of public estates
- Provide opportunities to share applications and data centre capacity
9 PSN Objectives
- Secure private internet for the public sector with the security that HMG requires.
- A network of networks from multiple suppliers to encourage a competitive marketplace
- Look and feel like a single network to its public sector customers, even though it is being provided by numerous suppliers
- Allow industry to develop innovative products and generate savings across the public sector
A single network, multiple suppliers
10 PSN PROCUREMENT ARCHITECTURE
[Diagram. Labels: Business Services; Technical Services; Network / Access Services; Transport & Core Network; Government Conveyance Network; Integrators 1 to 4; Vendors 1 to 9; Operators 1 to 4; Service Providers 1 to 5.]
11 THE PSN CODES
Commercial Obligations to PSN
- Code of Connection (CoCo) - Commitments that customers make to one another, and to the PSN Authority (PSNA), replaced the GCSx CoCo v4.1
- Code of Practice (CoP) - Commitments that PSN Service Providers make to the PSNA
- Code of Interconnection (CoICo) - Commitments that Direct Network Service Providers make to the PSNA
- Deed of Undertaking (DoU) - Commitments that GCN Service Providers make to the PSNA
All codes contain Technical Interoperability, Service Management, Governance, Commercial and Information Assurance Conditions.
12 PSN COMMERCIAL UNDERTAKING
[Diagram. Parties: Cabinet Office; PSN Framework Authorities; PSNA; PSN Customers; Central Services Service Providers; GCN Service Providers; Direct Network Service Providers; PSN Service Providers. Agreements: Service Contract; CoCo; Framework MoU; GCN Deed of Undertaking; CoICo; CoP; PSN Service Agreement (Framework Agreement Call-Off or Direct Contract); Framework Agreement; GCN Service Agreement; Network Service Agreement; GCN Interconnection Agreement. Legend: Contract; Other Agreement.]
13 IA DEVELOPMENTS
Cyber Security Initiative
- UK Govt's National Cyber Security Strategy - make UK a safer place to conduct business online by building a vibrant, resilient and secure cyberspace by
Procurement Notices
- Wef 1 Oct 14, suppliers bidding to handle certain sensitive and personal information to be certified against the Cyber Essentials scheme (not required under G-Cloud or Digital Services Framework). Note 09/14 issued by Cab Office.
- ITTs cannot ask for IL assurance. Suppliers must challenge.
Policy and GCS
- New SPF issued Jun 3 Jun 14. Less prescriptive, MRs have gone. Replaced with a set of eight Security Outcomes.
- OFFICIAL information can be managed with good commercial solutions similar to risks posed to any large Corporate entity.
- Reduced to 3 levels: TOP SECRET, SECRET and OFFICIAL.
- OFFICIAL covers such a large landscape from old public (IL0) to some old Confidential (IL4) that some SENSITIVE-caveats are required.
14 IA SKILL FORCE DEVELOPMENTS
CESG CERTIFIED PROFESSIONAL
- Community of recognised cyber security professionals in both the UK public and private sectors.
- Developed in consultation with government departments, academia, industry, the Certification Bodies and members of the CESG Listed Advisor Scheme (CLAS).
- All CLAS Consultants created the initial swell in to the new CCP Scheme.
- Scheme handled by 3 bodies accredited by CESG (APM, BCS & IISP).
- 7 x defined roles (Accreditor, IA auditor, IA architect, SIRA, ITSO, COMSEC, Pen Tester) plus 1 new to be added (Cyber Security Analyst).
- Current scheme under review to address a 2-tier system (results expected in Mar 15).
15 SECURITY ACCREDITATION
PSN Accreditation
- Preferred IAS1 Risk Assessment Tool being withdrawn wef Jan
- No need to conduct any bespoke risk assessment.
- Pan Government Accreditation will be stopped for new G-Cloud; there are only 5 x PGAs now, will stop from Jan 15.
- PGA will concentrate on PSN backbone incl. DNSPs, core PSNSPs
- Remaining accreditation transferred to the commercial entity of the Government Digital Service (GDS).
- New G-Cloud services subject to a supplier assertion process against the G-Cloud Security Principles.
- The purchasing authority will do their own IA.
- Presumably some HMG InfoSec Standards will need to be updated pretty soon too.
16 PSNSPs - ACCREDITATION
PSNSP Accreditation
- Security element has now moved to commercial element in GDS.
- New approach: not about centralised compliance, nor self-certification.
- It is a transparency exercise where suppliers state what they are doing to secure their services and products.
- Supplier makes assertions against each of the Cloud Security Principles (x14) as part of a supplier assessment exercise.
- RMADS gravy train disappearing.
RISK ASSESSMENT & RISK GUIDANCE
- Guidance on how to assess risk due in Jan 15.
- Architectural patterns to be extended to cover risk management guidance
- Description for risk presented - no need to conduct any bespoke assessment.
- Use an appropriate method - consultation with partners happening now.
17 CYBER ESSENTIAL SCHEME (1)
PURPOSE
- State most essential security requirements.
- Certify against requirements.
- Make certification relevant, affordable & achievable (target cost of 350 for the certificate only to certify plus consultant's time and external testing for Cyber Essentials Plus scheme); BIS innovation voucher scheme can help with funding available from the Government.
Scope
- Scope is not extensive. A lot out of scope, e.g. removable devices, users, web development.
18 CYBER ESSENTIAL SCHEME (2)
MITIGATING CONTROLS
- Boundary devices, e.g. a port scan CVSS v2 score 7 = fail.
- Secure configuration, e.g. devices scanned to check CVSS ratings ( 7 = fail).
- User access control: e.g. unsuitable IDs or weak passwords = fail.
- Malware protection: phishing test achieved by clicking on AV test file in or external URL, AV must be in use.
- Patch management: e.g. core software licensed and supported, updates to software within 30 days, out of date software removed, patches installed within 14 days (against list of common apps).
APPROACH
- Stage 1 Self Assessment = Cyber Essentials; Stage 2 Independently tested = Cyber Essentials Plus
- Growing maturity Cyber Essentials becomes an integral part org's approach to risk management.
- No end date on the certificate! with recommendation to relist within 12 months.
19 FURTHER READING LINKS (1) Cyber Security Strategy GCS 1/uk-cyber-security-strategy-final.pdf 80/Government-Security-Classifications-April-2014.pdf Register for a PSN Service Supplier certificate PSN supplier assertions and Cloud Security Principles /Implementing_the_Cloud_Security_Principles.pdf
20 FURTHER READING LINKS (2) Cyber Security Essentials CESG /Cyber_Essentials_Requirements.pdf GOV.UK Digital Marketplace
21 Thank you for listening. Any questions?
More informationIBM Security in the Software Development Lifecycle
IBM Security in the Software Development Lifecycle Service Definition 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Technology Services, Security and Privacy, for the design
More informationG-Cloud Service Definition. Atos Data Quality Audit SCS
G-Cloud Service Definition Atos Data Quality Audit SCS Atos Data Quality Audit SCS As organisations increasingly utilise a hybrid of Legacy and Cloud based technology platforms, it becomes increasingly
More informationIBM Hosted Application Scanning
IBM Hosted Application Scanning Service Definition IBM Hosted Application Scanning 1 1. Summary 1.1 Service Description IBM Hosted Application Security Services Production Application Scanning Service
More informationAUDIT COMMITTEE 10 DECEMBER 2014
AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk
More informationABCs G-Cloud Secure South West
ABCs G-Cloud Secure South West Mark Craddock (@mcraddock) G-Cloud CloudStore Lead Propagation Lead v1.3 (SSW) Why? Public Sector spends ~ 16Bn on ICT 20 suppliers represent majority of government spend
More informationPSN Protective Monitoring. Service Definition
PSN Protective Monitoring Service Definition Issue Number V3.0 Document Date 29 September 2015 Author: R.N. Connor Classification UNCLASSIFIED Version G-Cloud 7 2015 Copyright Tenian Limited. All rights
More informationSupplier Assurance Framework Good Practice Guide
Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT
More information06100 POLICY SECURITY AND INFORMATION ASSURANCE
Version: 5.4 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low Management of Police Information (MoPI) The Hampshire Constabulary recognises that any information
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationPolicing Together. A quick guide for businesses to Information Security and Cyber Crime
Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will
More informationVirtual Desktop Infrastructure Platform as a Service
www.steria.com/uk Virtual Desktop Infrastructure Platform as a Service creativity simplicity independence respect openness contents 1 Overview... 4 1.1 Benefits of Virtual Desktop Infrastructure... 5 2
More informationG-Cloud Service Definition. Atos Business Intelligence Dashboards and Analytics SCS
G-Cloud Service Definition Atos Business Intelligence Dashboards and Analytics SCS Atos Business Intelligence Dashboards and Analytics SCS The Atos approach to Business Intelligence (BI) Dashboards and
More informationUNCLASSIFIED HMG IA Standard No. 1 Technical Risk Assessment
October 2009 Issue No: 3.51 HMG IA Standard No. 1 HMG IA Standard No. 1, Issue: 3.51 October 2009 The copyright of this document is reserved and vested in the Crown. Intended Readership This Standard is
More informationSecurity Accreditation: Not Just a Tick in a Box
www.thalescyberassurance.com In this white paper Security accreditation is too often approached as a box ticking exercise. There is an opportunity cost here little acknowledged. This white paper from Thales
More informationCyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
More informationSCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT
SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT Issue 1.0 Date 24/03/2011 Logica is a business and technology service company, employing 39,000 people. It provides business consulting, systems integration
More information93% of large organisations and 76% of small businesses
innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause.
More informationSERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open
SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this
More information