GIXnews

Transaction Monitoring for HMG Online Service Providers (GPG 53)

This guidance provides an overview of TxM from first principles to a suggested organisational structure and outlines a number of questions that organisations need to take into account when considering the business case for a TxM system. Read more here: NCSC Guidance

Serving Web Content (Architectural Pattern 10)

This Architectural Pattern sets out key principles that help control the risks that are frequently found in serving web content. It is highly recommended that the principles presented in this Architectural Pattern are considered and integrated into the project from its beginning. Read more here: NCSC Guidance

Security operations centre (SOC) buyers guide

This guidance is for organisations that are considering procuring a Security Operations Centre (SOC) from a third party. It is equally applicable for those seeking to establish their own in-house SOC. It summarises the core functions of a SOC, and includes the different deployment options available, the SOC lifecycle, and other high-level considerations. What does …


Security governance, enabling sensible risk management decisions & communication

Security governance and business objectives: Standard approaches to security and risk management are sometimes misinterpreted. Whilst being a useful starting point, the establishment of predetermined security risk management structures, business processes, roles and requirements are too often separated from the normal decision making structures and processes used elsewhere in the business. This separation can lead …


Security governance introduction

What is security governance? Security governance is the means by which you control and direct your organisation’s approach to security. When done well, security governance will effectively coordinate the security activities of your organisation. It enables the flow of security information and decisions around your organisation. Just as security is the responsibility of everyone within …


Security Incident Management (GPG 24)

This guidance is primarily targeted at security managers who are accountable or responsible for implementing security incident management. The emphasis is on understanding and responding to business risks and what is required of a security incident response team. Read more here: NCSC Guidance

Secure sanitisation of storage media

This guidance is suitable for any organisation wishing to ensure that their data held on storage media can not be read by unauthorised parties after it has left organisational control. What is sanitisation? Any data which is sensitive to your business should be removed from the media which stored it; just hitting ‘Delete’ isn’t enough. …


Protective DNS Service for the UK Public Sector: Frequently Asked Questions

What is DNS? The Domain Name System (DNS) is often referred to as ‘the address book of the internet’ – it turns memorable names that humans can use, into the IP addresses that computer systems use to locate each other. Every time you ask your computer to access a website, your computer uses DNS to …


Protecting your organisation from ransomware

Ransomware is a growing global cyber security threat, and one which could affect any organisation that does not have appropriate defences. The first half of 2016 saw an almost threefold increase in ransomware variants compared to the whole of 2015[1]. While ransomware against Windows operating systems has been commonplace for some years, attacks against Mac …


Protecting Bulk Personal Data: Introduction

Whether they’re held by public service or private enterprise, these bulk data stores make very tempting targets for attackers of all kinds. So it’s essential to ensure they’re adequately protected. The fifteen good practice measures outlined below provide a set of indicators against which the security of your holdings can be objectively appraised. They enable …


PIANOS: Protecting Information About Networks, the Organisation and its Systems

Electronic material, common to all IT infrastructures, is used by intruders to understand their target environment. A study of the movements of intruders has resulted in advice that will impede their progress, make attacks more expensive to conduct and make detection easier. This guidance includes an infographic showing target technical information within an organisation and …


Organisation Identity (GPG 46)

This document should be read by individuals in organisations that are responsible for identity proofing other organisations where any HMG department or service will be relying on the identity of that organisation. This includes those responsible for the procurement, assessment or delivery of an Identity Assurance (IdA) service. Read more here: NCSC Guidance