Tag Archives: UK Cabinet Office

BSIA issues White Paper on Information Destruction and revised guidance on Lone Working

The British Security Industry Association (BSIA) and its Information Destruction Section have announced the publication of a White Paper designed to be used as a guide for public sector agencies and any organisation wishing to benchmark against that sector, and to provide the correct protocols for the destruction of sensitive items and materials.

The guide references previously published guidance documents from the Cabinet Office and the Centre for the Protection of National Infrastructure (CPNI) in order to promote the required specifications for data destruction and the importance of secure information destruction.

Entitled Information Destruction in the Public Sector, the document specifies which sensitive materials should be securely destroyed. Furthermore, it defines the varying levels of secure information and documents that should be disposed of in the appropriate manner.

Threat profiles are assessed and analysed in tiers of severity, while the White Paper also affords organisations guidance on specifying the desired outcomes that information destruction should produce.

Adam Chandler, chairman of the BSIA’s Information Destruction Section, has explained how the White Paper might serve private sector companies and the public sector as a whole.

“The security of information is an issue of paramount importance in the 21st Century,” asserted Chandler. “Data breaches can be more than costly. They can ruin a Government’s credibility as well as a private sector company’s reputation. British organisations must fortify their infrastructure by ensuring standards are upheld and that data is adequately disposed of. By adhering to the standards set by the Government and referenced by the BSIA in this White Paper, citizens, employees and civil servants will be better protected.”

*Download the guide in full at: http://www.bsia.co.uk/publications/publications-search-results/257-information-destruction-in-the-public-sector.aspx

BSIA publishes revised lone worker guidance documents

The BSIA has also just published revisions to two of its lone worker guides.

The revisions have been made to Form 144: A Guide to Buying a Lone Worker Service and Form 288: Lone Workers – An Employer’s Guide in order to reflect recent changes in the lone worker services market.

Form 144: A Guide to Buying a Lone Worker Service provides end users with advice on how to go about procuring a lone worker service that will be right for their business and what information needs to be prepared before a potential supplier is approached.

Form 288: Lone Workers – An Employer’s Guide provides employers with essential information about their responsibilities towards their lone workers as well as detail around what they should expect from a lone worker device, its supplier, an Alarm Receiving Centre and the response.

Steve Lampett, technical officer at the BSIA, explained: “The BSIA’s Lone Worker Section decided to update these very useful guides to reflect changes within the lone worker services market. While many of these changes are minor routine amendments, educating the marketplace is a key objective of the Association. On that basis, ensuring industry guidance is up to date is of vital importance.”

Amendments to the guides include the following:

Form 144: A Guide to Buying a Lone Worker Service

  • Reflection of the new requirement placed on the supplier highlighting the need to be flexible in terms of alarm escalation contacts (including at different times of the day/week, escalation and prioritisation processes)
  • Inclusion of a greater emphasis on the supplier to provide ongoing training options for the customer

Form 288: Lone Workers – An Employer’s Guide

  • Changes from BS 8484:2009 to BS 8484:2011
  • Addition of the provision for using the services of BS 8591 Category 2 Alarm Receiving Centres
  • Health and Safety Executive guidance updates
  • Reflecting the name change of the Association of Chief Police Officers by replacing it with the National Police Chiefs’ Council

Craig Swallow, chairman of the BSIA’s dedicated Lone Worker Section, stated: “We wanted to ensure that our guidance remains up to date and continues to be useful for end users to refer to when procuring a lone worker service. The Section therefore felt it necessary to update both Form 144 and Form 288. We expect further changes will need to be made to these forms and other BSIA lone worker publications when the current revision of BS 8484 has been completed in 2016.”

*The updated versions of Form 144 and 288 are available to download free of charge from the BSIA’s website: www.bsia.co.uk

Filed under Risk UK News

British Security Industry Association issues new Public Sector Guide on Information Destruction

The British Security Industry Association’s (BSIA) specialist Information Destruction Section has announced the publication of a White Paper on the subject of Information Destruction to be used by public sector entities. 

The White Paper is designed to be used as a guide for public sector agencies – and any organisation wishing to benchmark against that sector – that will provide the correct protocols in the destruction of sensitive items and materials.

This new guidance references previous documents published by the UK Cabinet Office and the Centre for the Protection of National Infrastructure in order to promote the required specifications for data destruction and the importance of secure information destruction in general.

The BSIA’s Guide to Information Destruction in the Public Sector

Entitled ‘Information Destruction in the Public Sector’, the BSIA’s document specifies which sensitive materials should be securely destroyed. Furthermore, it defines the varying levels of secure information and documents that must be disposed of in the appropriate manner.

Threat profiles are assessed and analysed in tiers of severity, while the White Paper also affords organisations guidance on specifying the desired outcomes that information destruction should produce.

Adam Chandler

Adam Chandler, Chairman of the BSIA’s Information Destruction Section, has expressed his views on how the White Paper might serve private sector companies as well as the public sector.

“The security of information is an issue of paramount importance in the 21st Century,” asserted Chandler. “Data breaches can be more than costly. They can ruin a Government’s credibility as well as a private sector company’s reputation. British organisations must fortify their infrastructure by ensuring standards are upheld and that data is adequately disposed of. By adhering to the standards set by the Government and referenced in this BSIA White Paper, citizens, employees and civil servants alike will all be better protected.”

*Download a copy of ‘Information Destruction in the Public Sector’ here: http://www.bsia.co.uk/publications/publications-search-results/257-information-destruction-in-the-public-sector.aspx

Cabinet Office minister Francis Maude visits cyber security specialist Advent IM

The Rt Hon Francis Maude MP has visited West Midlands-based cyber security consultancy Advent IM as part of the MP’s remit as the Minister for Cyber Security.

Maude met with Mike Gillespie and Julia McCarron, the co-founders of Advent IM, to find out more about the cyber security work the company delivers as one of the UK’s leading independent information security consultancies, the company’s history, its ethos and the business challenges faced by the organisation as an SME.

Topics for discussion on the day were both wide and varied. Mike Gillespie explained the principles of a holistic and risk-based approach to security and the MP was particularly interested in how this translates into solid governance in business.

Maude was also keen to find out more about threat convergence, how cyber threats can now impact our physical environments and steps that can be taken to mitigate those threats.

The team expanded on Advent IM’s development of cyber security training courses specifically for the police in the areas of SIRO and IAO responsibilities and accountability, general cyber security awareness training opportunities currently being developed and Advent IM’s mentoring approach to consultancy delivery, ensuring the company is seen by those involved as a business enabler.

The Advent IM team members meet Francis Maude MP

The G-Cloud procurement process

Maude and the team discussed the merits of the G-Cloud procurement process and how there’s room to improve the perception that it’s more for technology purchases than consultancy, and how Government is starting to drive the requirement for Best Practice information security and ISO 27001 (more of which anon) through its outsourced service providers.

Changes to the Government Security Classification Scheme and the lack of understanding around its application were touched upon, as were the issues being confronted by local authorities in connecting to PSN and how the latest changes would impact on those either connecting or acting as a provider.

The Cabinet Office Minister also took the time to discuss areas of work with Advent IM staff from the consultancy, marketing and sales teams and the challenges they face when it comes to implementing and promoting cyber security across the UK.

“We greatly appreciate the time Francis Maude has taken to visit us,” said Advent IM’s operations director Julia McCarron. “As cyber security specialists, a number of us have attended events where Mr Maude has been present but we’ve rarely had the opportunity to discuss with him what’s happening in the market or air our views face-to-face. To be singled out and given the chance to discuss our company, the industry and involve all of our staff in that forum was an honour for the team.”

Advent IM’s Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Holistic security management solutions

Advent IM focuses on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the ongoing need to address risk management in order to protect against potential threats.

From offices in the Midlands and London, the company’s consultants work on a nationwide basis and are members of the CESG Listed Advisor Scheme, the Institute of Information Security Professionals, The Security Institute, the Business Continuity Institute and the British Computer Society.

Advent IM consultants are also lead auditors for the international standards on Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and also Home Office-trained physical security assessors.

UK Government announces further measures to boost cyber security defences in the UK

On Friday 12 December, Francis Maude – Minister for the Cabinet Office – hosted an event at the Institute for Chartered Accountants of England and Wales in central London marking the third anniversary of the UK’s Cyber Security Strategy. On the day, Maude unveiled several additional measures being put forward by the Government to assist in safeguarding the online space for all citizens.

The event was designed specifically to address leaders in industry, academia and Government and highlight ways in which the UK is building skills to boost its growing cyber security sector. It follows hot on the heels of a report to Parliament on progress and forward plans scripted to make the UK one of the safest places in which to do business online.

Increasing the number of people with the right cyber skills is vital for both Government and industry as the UK collectively faces the reality of cyber threats. The Government’s work to improve the UK’s cyber security defences is led by the Cabinet Office, the Department for Business, Innovation and Skills and, of course, GCHQ.

Maude announced that the Government has committed to:

  • Grants for colleges and universities in Birmingham, Liverpool, Lancashire and Newcastle that will improve cyber security education and learning (the grants being realised in partnership with companies including Barclays Bank and Hut Group, the online retailer)
  • New cyber camps and mentoring schemes run in conjunction with the Cyber Security Challenge UK and the Cyber Growth Partnership to help computing graduates gain practical experience and begin a career in cyber security
  • Cryptoy: a new and innovative Android app designed by students on placements at GCHQ to highlight exciting developments in cipher and code-breaking for a new generation of cyber specialists
  • A virtual hub operated in conjunction with the Council of Registered Ethical Security Testers (CREST) that’s ultimately designed to inspire students towards cyber security careers and provide advice and information on job opportunities
  • New cyber security careers resources for students within the Graduate Prospects careers website
  • An updated guide for business on the cyber security skills initiatives that will help develop the skills of their own staff members and nurture future talent

“As part of this Government’s long-term economic plan,” stated Francis Maude, “we want to ensure that Britain is one of the safest places in which to do business online. Over the past three years, we’ve taken a strategic approach to improving cyber security, working with others to deliver schools programmes. We’ve also certified six Masters degrees and established two centres for doctoral training alongside 11 Academic Centres of Excellence.”

The MP continued: “Given the work of Alan Turing and Bletchley Park in days gone by, the UK has a proud heritage in cryptography and computer science. Today, no less than 40,000 people work in our cyber industry and we have 14 cyber security ‘clusters’ across the country, but we do want to develop greater skills and encourage more people to pursue a career in this growth area.”

Maude concluded: “We do hope the Cryptoy app will spark a new interest among individuals to pursue a career in cyber security. Our new cyber camps, mentors and Higher Education Academy grants will help more people when it comes to embarking on a cyber security career.”

Francis Maude MP delivering his speech at the Institute for Chartered Accountants in England and Wales, central London

UK’s cyber security talent pool

Stephanie Daman, CEO of the Cyber Security Challenge UK, responded to the MP’s speech by stating: “This announcement highlights the Government’s ongoing commitment to improving the size and quality of the UK’s cyber security talent pool. It also demonstrates a real understanding of the fact that addressing our cyber security skills gap requires a sustained programme of targeted support for innovative programmes and initiatives that are inspiring the next generation of cyber professionals.”

Daman added: “Government’s support now spans a huge range of opportunities, from innovative tools such as Cryptoy to a national mentoring programme and a raft of new cyber camps designed to inspire budding cyber defenders. As a country, we’re now creating extraordinary opportunities for young people who demonstrate the aptitude and appetite to forge successful and rewarding careers in cyber security. I’m encouraged that, with the continued backing of Government, UK businesses and academia we’re doing exactly what’s required to future-proof the cyber security capabilities of the UK.”

Mark Hughes, president of BT Security, explained: “Making certain that security’s right and protecting businesses, Government and the general public against cyber attacks is vitally important. Data breaches and attacks are an everyday threat to business and, with the UK cyber security industry now worth £6 billion a year, it’s critical that we build a pipeline of talented people to fill the gap in skills we’re currently experiencing.”

Hughes went on to say: “Recruiting into the industry is notoriously difficult. On that basis, it’s critical that we engage in strategic activity that helps find the right people, prepares them for jobs in the industry, trains them and makes them ready to take on key roles in the cyber security profession.”

In conclusion, Hughes outlined: “It’s for this reason that BT is proud to be supporting the cyber camps and mentoring schemes announced by Francis Maude. It’s not enough that we concentrate on developing the workforce of today. If we’re to build and maintain resilient infrastructure in the UK then we simply must develop the workforce of the future. BT is fully committed to helping create that workforce.”

Professor Stephanie Marshall, CEO of the Higher Education Academy, also voiced opinion on the matter. “If the UK is to be equipped to respond to cyber threats,” opined Marshall, “we need to strengthen the pipeline of cyber talent and help prepare students for entry-level security career opportunities. The Higher Education Academy is pleased to be able to offer support to higher education providers when it comes to developing innovative projects involving strong partnership with businesses that will improve cyber security teaching and learning across the discipline of computing and the sectors beyond.”

Marshall also explained: “All four projects launched at this event have the potential to do this, thereby helping to improve the skills of graduates, address the shortage of cyber security skills and future-proof the country’s IT sector, in turn making it more resilient to possible cyber attacks.”

Top 10 online-enabled frauds hitting British wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – have revealed the financial and emotional cost of cyber crime. In a specially commissioned poll of 2,000 people by Vision Critical for Get Safe Online Week 2014 (running from 20 to 26 October), half (50%) of those who have been a victim of cyber crime (including online fraud or cases resulting in economic loss, ID theft, hacking or deliberate distribution of viruses and online abuse) said they felt either ‘very’ or ‘extremely’ violated by their ordeal.

Separate figures prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week offer an indication as to the sheer scale of online crime, with over £670 million lost nationwide to the Top 10 Internet-enabled frauds reported between 1 September 2013 and 31 August this year. The £670 million statistic emanates from reported instances of fraud, calculated when the first contact with victims was via an online function.

Given that a significant number of Internet-enabled fraud cases still pass by unreported, the true economic cost to the UK is likely to be significantly higher.

The Get Safe Online survey also reveals that over half (53%) of the population now views online crime just as seriously as they do ‘physical world’ crimes, destroying the notion that online crime is ‘faceless’ and less important than other crimes. As a result, more cyber crime victims (54%) wish to unmask a perpetrator but only 14% have succeeded in doing so.

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

As stated, half (50%) of those individuals surveyed for Get Safe Online Week have been a victim of online crime although only 32% of these people reported the fact. Around half (47%) of victims did not know to whom they should report an online crime, although this figure is expected to drop due to the ongoing work of Action Fraud (the UK’s national fraud reporting centre) and the considerable Government resources now dedicated to fighting cyber crime.

On a more positive note, victims in the Get Safe Online poll said that their experiences have shocked them into changing their behaviour for the better, with nearly half (45%) opting for stronger passwords and 42% now being extra vigilant when shopping online. Over a third (37%) always log out of accounts when they go offline and nearly a fifth (18%) have changed their security settings on their social media accounts.

In stark contrast, however, most people still don’t have the most basic protection in place. More than half (54%) of mobile phone users and around a third (37%) of laptop owners do not have a password or PIN number for their device. That figure rises to over half (59%) for PC users and two thirds (67%) when it comes to tablet owners.

The ‘Don’t Be A Victim’ Infographic produced by the team at Get Safe Online

Supporting law enforcement’s response to cyber crime

Commenting on the survey results, Francis Maude (Minister for the Cabinet Office) stated: “The UK cyber market is worth over £80 billion a year and rising. The Internet is undoubtedly a force for good, but we simply cannot stand still in the face of these threats which already cost our economy billions every year.”

Maude continued: “As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places in which to do business in cyberspace. We have an £860 million Cyber Security Programme in place which supports law enforcement’s response to cyber crime, and we’re also working with the private sector to help all businesses protect their vital information assets.”

Francis Maude MP: Minister for the Cabinet Office

In conclusion, the Cabinet Office leader added: “Our Get Safe Online and Cyber Streetwise campaigns provide easy to understand information for the public on how and why they should protect themselves. Cyber security is not an issue for Government alone. We must all take action to defend ourselves against the threats now being posed.”

Tony Neate, CEO at Get Safe Online, explained: “Our research shows just how serious a toll cyber crime can take, both on the wallet and on well-being. This has been no more apparent than in the last few weeks with various large-scale personal photo hacks of celebrities and members of the general public. Unfortunately, this is becoming more common now that we live a greater percentage of our lives in the online space.”

Neate went on to state: “This year, Get Safe Online Week is all about ‘Don’t Be A Victim’. We can all take simple steps to protect ourselves, including putting a password on our computers and mobile devices, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when we’re finished. The more the public do this, the more criminals will not be able to hide behind a cloak of anonymity.”

Tony Neate: CEO at Get Safe Online

Detective Superintendent Pete O’Doherty, head of the NFIB at the City of London Police, said: “Cheap and easy access to the Internet is changing the world and transforming our lives. What many of us may be less aware of is the fact that financial crime has moved online and poses a major threat to people of all ages and from all walks of life. Men and women, young and old, rich and poor. It matters little who you are, where you live or what you do.”

O’Doherty continued: “It’s vitally important people are fully aware of the dangers around fraud and Internet-enabled fraud which is why the City of London Police, in its role as the National Policing Lead for Fraud and home to the National Fraud Intelligence Bureau, is fully supportive of Get Safe Online’s week of action.”

Importantly, O’Doherty added: “I would also call on anyone who has fallen victim to an online fraud to report this to Action Fraud. It’s only then that local police forces will be able to track down the main offenders and ensure victims receive the best possible support as they try to recover from what can be an extremely difficult and upsetting experience.”

Have you been a victim of cyber-enabled fraud?

George Anderson, director of product marketing at Internet security specialist Webroot, has also offered his views on the survey results.

“It’s sad but not surprising that 53% of British people have fallen victim to cyber crime,” asserted Anderson. “The Internet has been assimilated into our daily lives to the point where it’s easy to forget how hazardous it is if the proper security measures are not taken.”

Anderson continued: “The key to making the UK a safe Internet user zone is education. As a country, as communities and as individuals we should be actively promoting awareness of Internet safety and security issues. The Government’s research should not scare people away from online activities, but rather start the process of serious and continuous conversations whereby we evaluate the online precautions we take both at home and at work. Education should start at an early age, with parents and education bodies working to ensure future generations populated by ‘security savvy’ individuals.”

Adding to that message, Anderson said: “Understanding what preventative measures we can take ranges from a rudimentary awareness through to in-depth technical knowledge. However, far too many people have become too complacent with modern technology to even practice the basics. The modern person should by now know that computers ought to be protected by updated, Best-of-Breed anti-spyware and anti-virus software. They should practice safe surfing habits and harbour a full comprehension of online activities that would place their information at more risk than others. Also, they ought to be able to identify and understand website privacy policies and know when or when not to impart information regarding personal data.”

*If you think you may have been the victim of cyber-enabled economic fraud (ie where you have lost money), you should report the occurrence to Action Fraud and include as much detail as possible. Telephone: 0300 123 2040. Alternatively, visit: http://www.actionfraud.police.uk

**If you have been the victim of online abuse or harassment, you should report it to your local police force

***For general advice on how to stay safe online visit: http://www.GetSafeOnline.org

GCHQ certifies Masters degrees in cyber security

The certification of six Masters degrees in cyber security has been announced by Francis Maude, Minister for the Cabinet Office. This announcement marks another significant step in the development of the UK’s knowledge, skills and capability in all fields of cyber security as part of the National Cyber Security Programme.

The National Cyber Security Strategy recognises education as being absolutely vital to the development of cyber security skills and, earlier in the year, UK universities were invited to submit their cyber security Masters degrees for certification against GCHQ’s stringent criteria for a broad foundation in cyber security.

Partnerships have been key throughout the process with the assessment of applicants based on the expert views of industry, academia, professional bodies, GCHQ and other Government departments.

The six successful Masters degrees were judged to provide well-defined and appropriate content, with all of them delivered to the highest standard.

Francis Maude MP: Minister for the Cabinet Office

Development of GCHQ-certified Masters degrees will help the successful universities to promote the quality of their courses and assist prospective students in making better informed choices when looking for a highly valued qualification. It also assists employers to differentiate between candidates when employing cyber security staff.

A further call for Masters certification will take place in late 2014 and extend to those degrees focused on critical areas of cyber security such as digital forensics.

Details of certified status for six universities

The six successful universities whose cyber security Masters degrees have been awarded GCHQ-certified status are as follows:

Full certified status
Edinburgh Napier University: Degree – MSc in Advanced Security and Digital Forensics
Lancaster University: Degree – MSc in Cyber Security
University of Oxford: Degree – MSc in Software and Systems Security
Royal Holloway, University of London: Degree – MSc in Information Security

Provisional certified status
Cranfield University: Degree – MSc in Cyber Defence and Information Assurance
University of Surrey: Degree – MSc in Information Security

“Every time I visit GCHQ I see at first-hand the tremendous work being conducted in relation to cyber security,” explained Francis Maude MP. “Cyber security is a crucial part of this Government’s long term plan for the British economy. We want to make the UK one of the safest places in the world to do business online. Through the excellent work of GCHQ in partnership with other Government departments, the private sector and academia we’re able to counter threats and ensure that, together, we’re stronger and more aware.”

Nigel Smart, Professor of Cryptology at the University of Bristol, stated: “I’m delighted to have been appointed as independent chairman of the panel that assessed applications, and am excited that GCHQ has introduced this rigorous standard for judging general cyber security Masters degrees. For the first time, UK universities which become certified will have a means to promote the quality of the cyber security issues they teach.”

Smart also commented: “Over the next few years, as GCHQ certification is applied to more specialised areas of cyber security, I expect the number of UK universities achieving certification of their Masters degrees to increase, thereby helping to raise the overall standard of teaching in cyber security at Masters level.”

Mark Hughes, the President of BT Security, commented: “At BT, we’re acutely aware of the impact of the UK cyber skills gap. Recruiting the right people with the right knowledge and skills is a big deal for us. As a leading Internet service provider we want to employ the very best. That’s why we welcome GCHQ’s certification of Masters degrees in cyber security. The fact that GCHQ recognises these courses as high calibre gives us, at BT, the confidence that those graduating with a Masters from one of these universities will have the sound knowledge base in cyber security we would be looking for. This is a great step forward in developing the cyber specialist of tomorrow.”

Chris Ensor, deputy director for the National Technical Authority for Information Assurance at GCHQ, added: “As the National Technical Authority for Information Assurance, GCHQ recognises the critical role academia plays in developing the UK’s skills and knowledge base. I’d like to congratulate the universities which have been recognised as offering a Masters degree which covers the broad range of subjects that underpin a good understanding of cyber security. I’d also encourage those that didn’t quite make it this time around to reapply in the near future, particularly as we begin to focus on more specialised degrees. Recognition of these degrees is an important first step towards delineating academic Centres of Excellence in cyber security education.”
