GCHQ relaunches ‘10 Steps to Cyber Security’ Guide for end user organisations

The '10 Steps To Cyber Security'


In association with the Centre for the Protection of National Infrastructure (CPNI), the Cabinet Office and the Department for Business, Innovation and Skills (BIS), GCHQ has announced the re-issue of the highly successful ‘10 Steps to Cyber Security’, offering updated guidance on the practical steps that organisations can take in order to improve the security of their networks and, importantly, the information carried on them.

Following its successful launch in 2012, the highly acclaimed guidance has made a tangible difference in helping organisations both large and small in scale understand the key activities they should evaluate for cyber security risk management purposes.

Indeed, the 2014 Cyber Governance Health Check of FTSE 350 Boards of Directors shows that 58% of companies have assessed themselves against the 10 Steps guidance since the document was first launched. That statistic is up from 40% in 2013.

The Cyber Governance Health Check is formed of two elements. The first stage is the ‘tracker’, an online tool configured to assess and report levels of cyber security awareness and preparedness across the FTSE 350 spectrum from a governance perspective. Completion of the tracker has resulted in this aggregated tracker report, as well as confidential individual benchmarking reports for each participating company.

The second stage is the ‘diagnostic’, an audit-based tool which builds on the results of the tracker. The diagnostic will assess and report areas of cyber security vulnerability and good practice and subsequently suggest what actions management can take to address vulnerabilities and build on good practice.

Ever-growing threat in cyber space

‘10 Steps to Cyber Security’ has been updated to ensure the guide’s continuing relevance in the climate of an ever-growing cyber threat. It now highlights the new cyber security schemes and services that have been set up more recently under the National Cyber Security Programme and, in addition, contains a foreword by the new director of GCHQ, Robert Hannigan.

Robert Hannigan: director of GCHQ


“GCHQ continues to see real cyber threats to the UK on a daily basis, and the scale and rate of these attacks shows little sign of abating,” explained Hannigan. “However, despite the increase in the sophistication of attacks, it remains as true today as it did two years ago that there’s much security and IT professionals can do to protect their organisations by adopting the basic cyber security procedures outlined in this guidance.”

Alongside the Cyber Essentials Scheme, ‘10 Steps to Cyber Security’ is a critical resource for UK businesses aiming to protect themselves in cyber space.

Common Cyber Attacks: Reducing the Impact

In parallel with the re-issue of the ‘10 Steps to Cyber Security’, GCHQ has also published a paper entitled ‘Common Cyber Attacks: Reducing the Impact’.

Drawing on real case studies, the paper covers threats, vulnerabilities and attack types. It also addresses prevention and incident response.

The paper is intended to help organisations understand that they need to be prepared to respond to threats from a range of attackers and have a framework of security controls in place to reduce the extent and impact of an attack.

Aimed at all organisations vulnerable to attack by way of the Internet, the GCHQ paper supports the comprehensive guidance provided in the ‘10 Steps to Cyber Security’, in turn helping organisations to understand the key activities they should evaluate for the purposes of holistic risk management.

It also adds to the guidance provided in the ‘Cyber Essentials’ scheme, which provides a set of controls that organisations can put in place to show that they have met a recognised baseline of cyber security.

*The Business Continuity Institute’s Horizon Scan report has consistently shown that cyber attacks and data breaches are two of the biggest concerns for business continuity professionals, with the latest report highlighting that 73% of respondents to a survey expressed either ‘Concern’ or ‘Extreme concern’ at the prospect of one of these threats materialising at some point in the future.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
