Reducing Cyber Security Risks in the UK Public Sector

Slides:

Advertisements

Similar presentations

Cyber Security & Critical Controls Chris Few Industry Enabling Services CESG February 2011 © Crown Copyright. All rights reserved.

Advertisements

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

David A. Brown Chief Information Security Officer State of Ohio

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Prepare + Prevent + Respond + Recover + Mitigate START WITH PREVENTION Governor’s Office of Homeland Security & Emergency Preparedness (GOHSEP) Louisiana-State.

The Crown and Suppliers: A New Way of Working People & Security15:35 – 16:20 Channels & Citizen Engagement Social Media ICT Capability Risk Management.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

2011 / 9/11/ S V E Security for Virtualized Environments The first comprehensive security solution for.

The impact of -borne threats Why companies should recognise and embrace the need for change.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

APRICOT 2015 Security Day Cooperation between Security Teams and Network Operators: Actionable Intelligence on ShellShock Arnold S. Yoon Information Security.

10/14/2015 Introducing Worry-Free SecureSite. Copyright Trend Micro Inc. Agenda Problem –SQL injection –XSS Solution Market opportunity Target.

The Global Road Safety Partnership is hosted by Work Related Road Safety Ken Shaw – Global Road Safety Partnership Department of Disaster Prevention and.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

CERT cooperation with ISP’s on Cybersecurity C ă t ă lin P ă trașcu CERT-RO 29 October 2015 RONOG 2 Meeting1.

Copyright © 2015 Cyberlight Global Associates Cyberlight GEORGIAN CYBER SECURITY & ICT INNOVATION EVENT 2015 Tbilisi, Georgia19-20 November 2015 Hardware.

Family Connection Collaborative Webs A Tool for Creating and Managing Web sites.

CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

HSCIC Cyber Security Presented by: Richard Ives - Stakeholder Engagement Manager IGA Conference - 16 Mar 2016.

Supporting the NHS to deliver better, safer, quality care NHS Connecting for Health.

Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s.

Important Information Provided by Information Technology Center

Securing Information Systems

Protect your Digital Enterprise

BAE systems Research results October 2016

Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Deployment Planning Services

north Ayrshire Community planning partnership

Domain Name Service (DNS) Network Registry

Cybersecurity - What’s Next? June 2017

EITAC Cybersecurity program and IT Security updates

Cyber Crime What’s all the fuss about?

Information Technology Sector

Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.

Public Health England – Our progress under the Sendai Framework

McAfee Activate  McAfee offers advanced security solutions to the computer users across the globe.  It offers a wide selection of antivirus and internet.

Jon Peppler, Menlo Security Channels

National Cyber Security Programme Local : Building Resilience Together

Call AVG Antivirus Support | Fix Your PC

CMGT 230Competitive Success/snaptutorial.com

CMGT 230 Education for Service-- snaptutorial.com

CMGT 230 Education for Service-- tutorialrank.com

I have many checklists: how do I get started with cyber security?

CMGT 230 Teaching Effectively-- snaptutorial.com.

By: Tekeste Berhan Habtu Chief Executive Officer Venue: African Union

Protective Security Advisor Program Brief

Threat landscape financial sector

How can the social work role be supported, now and in the future, through the use of information and technology? NCAS 3 November 2016.

David J. Carter, CISO Commonwealth Office of Technology

The session will commence at Please mute your microphone

Social work education participation (SWEP)

The U.S. Department of Homeland Security

Keeping your data, money & reputation safe

Cybercrime and Canadian Businesses

Anatomy of a Large Scale Attack

Cyber Security Challenges

Voluntary Private Sector Preparedness Certification Program

Strategic threat assessment

Skills for Care Diane Buddery: Digital Support for Providers.

Cyber Security in a Risk Management Framework

Spear Phishing Awareness

Wireless Spoofing Attacks on Mobile Devices

Cybersecurity Simplified: Phishing

Thames Valley Chamber / Claire Logic

Presentation transcript:

Reducing Cyber Security Risks in the UK Public Sector Alison Whitney National Cyber Security Centre

Our Vision Helping to make the UK the safest place to live and do business online What we do Reduce the cyber security risk to the UK; Respond effectively to cyber security incidents; Understand the UK’s cyber security environment, sharing knowledge, addressing systemic vulnerabilities; and Nurture the UK's cyber security capability, providing leadership on key national cyber security issues. OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

NCSC Digital Government’s Remit Central Government in all its guises Local Government Health and Social Care Emergency Services Devolved Administrations Crown Dependencies and British Overseas Territories OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

What does help from the NCSC look like? Alerts, advisories and guidance on our website Cascading information through associations, trade bodies and similar groups: the one-to-many approach Briefings at events and conferences Cyber Security Information Sharing Partnership (CiSP) – private forums Bespoke consultancy for the most challenging risks Active Cyber Defence: NCSC provided services to make (public sector) organisations safer Incident Management Walk through what these things look like Emphasise that we don’t have finite resources so we have to prioritise Note that we will sometimes do things because they are the first-use of a new technology even if the risks to the system/service aren’t that high Our focus is both on citizen-facing online services and Enterprise IT OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

PHISHING & MALWARE MITIGATION Active Cyber Defence WEBCHECK MAILCHECK UK PUBLIC SECTOR DNS PHISHING & MALWARE MITIGATION OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

UK Public Sector DNS Service One of the NCSC’s most widely deployed active cyber defence capabilities Currently available to all public sector organisations On average the service is actively blocking 70,000 attempts to access known malicious sites each week Partnership with Government Digital Services (GDS) and Nominet UK Details on how to register: https://www.ncsc.gov.uk/information/uk-public-sector-dns-service OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

WebCheck Helping you to secure your public sector websites Free to use website configuration and vulnerability scanning service As of October the service had 877 users scanning 5547 unique URLs 151 urgent issues have been fixed following WebCheck notifications To sign up for the service: https://www.webcheck.service.ncsc.gov.uk/ OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

MailCheck The service supports organisations to adopt the DMARC security protocol Prototype service - 1760 unique domains registered Over 41 million spoofed emails of HMG domains have been reported blocked For further information on how to implement DMARC: https://www.ncsc.gov.uk/guidance/email-security-and-anti-spoofing OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

Phishing and Malware Mitigation Service A service that protects the HMG brand from phishing and common web-inject malware threats In excess of 141610 attacks successfully taken down Reduction in average time an attack remains live Sites hosted in the UK reduced from 27 hours to 1 hour median HMG brand infringement (phishing) reduced from 45 hours to 7 hours Web-inject malware hosted in the UK reduced from 526 hours to 43 hours OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017

Questions? https://www.ncsc.gov.uk/ OFFICIAL | Reducing Cyber Security Risks in UK Public Sector | December 2017