Cyber Security & Critical Controls
Chris Few, Industry Enabling Services, CESG
February 2011 © Crown Copyright. All rights reserved.


Cyber Essentials
An HMG scheme for testing security controls to defeat common Internet based threats
Covers five control areas:
– Internet Gateways; Secure configuration; User access control; Malware protection; Patch management
Includes a two tier assurance framework:
– Cyber Essentials: verified self-assessment
  Organisation completes self assessment questionnaire
  Responses reviewed as reasonable by assessor
– Cyber Essentials PLUS: independently tested
  Tests whether controls implemented are sufficient to defeat common Internet based attacks

Relevance of Cyber Essentials to LMN
– Policing of connections to shared academic networks
– Criterion for selecting suppliers accessing academic data
– Demonstrating commitment to cyber security
– Incorporation into ESISS penetration testing improves clarity of scope of testing

The Assurance Landscape
[Diagram. Labels: CESG & industry partners; Cyber Security Industry; Standards; Certify; Supply; Buy; Employ; Products; Systems; Services; People; Education & Training; Organisations; Consumers (information risk owning organisations in the public sector, industry or academia)]

CESG Service Catalogue
Categories: Organisations; Training & Education; People; Products; Systems; Services
Catalogue entries:
– Information Assurance Maturity Model
– Certified Training
– Certified Professional
– Assisted Products Scheme
– Cyber Essentials
– Cyber Incident Response
– MSc in Cyber Security
– Listed Advisors
– Commercial Product Assurance
– Tailored Advice Service
– CHECK penetration testing
– Academic Centres of Excellence
– Common Criteria
– Technical Design Review
– Secure Destruction
– TEMPEST
– GovCertUK
Further details at us at

Questions for LMN
– Which parts of the CESG service catalogue are most relevant to you?
– How can CESG develop its portfolio of schemes to meet your needs?
– Can CESG facilitate closer relationships between academia and industry on the topic of cyber security?