Information Risk Management: HMG IA Standard Numbers 1 & 2

When setting an organisation’s Information Security Strategy, supporting IA structures, policies and processes need to be established. This Standard, its Supplement and the supporting documents published in the CESG IA Policy Portfolio will help Departments and Agencies to achieve this. Read more here: NCSC Guidance

Infographic: Managing your information risk

Using technology to deliver business benefit attracts risk. Applying the guidance described below will help organisations to understand how to approach the assessment and management of risks. Read more here: NCSC Guidance

Improving Information Assurance at the Enterprise Level (GPG 28)

This guidance complements the HMG/CESG IA Maturity Model (CIAMM®) and its associated Assessment Framework. In particular, it provides advice to SIROs to meet a fundamental requirement at Level 2 of the CIAMM®; “to have personally made and gained approval for a business case to the Main Board for a targeted programme of work to improve the …


Identity Proofing and Verification of an Individual (GPG 45)

This document is designed to demonstrate how a combination of the breadth of evidence provided, the strength of the evidence itself, the validation and verification processes conducted and a history of activity can provide various levels of assurance around the legitimacy of an identity. Read more here: NCSC Guidance

ICT Service Management: Security Considerations (GPG 20)

This good practice guide (GPG) is aimed at IA practitioners who are involved in managing the risks to ICT Service Management Systems. This may include Accreditors, information risk managers, Information Technology (IT) Security Officers, information security consultants and system architects or designers. Read more here: NCSC Guidance

Forensic Readiness (GPG 18)

Forensic Readiness is the achievement of an appropriate level of capability by an organisation in order for it to be able to collect, preserve, protect and analyse Digital Evidence so that this evidence can be effectively used in any legal matters, in security investigations, in disciplinary matters, in an employment tribunal or in a court …


End User Devices: Security Principles

The EUD Security Framework describes twelve principles for securing devices, all of which must be considered when deploying a particular solution.

Principle: Data-in-transit protection
Description: Data should be protected as it transits from the EUD to any services the EUD uses. IPsec VPNs provide the most standards-compliant way of doing this, but TLS VPNs or …


End User Devices: Common Questions

You should read and understand all the points raised by this section before proceeding with a new deployment of EUDs within your organisation’s network.

Wi-Fi: In general, devices which support Wi-Fi can be used securely on any Wi-Fi network which allows VPN traffic to transit the network. However, there are risks associated with using Wi-Fi …


End User Devices Security Guidance: Windows 7 and Windows 8

This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features. This guidance was developed following testing performed on a logo compliant device running Windows 7 SP1 and Windows 8.0 respectively. The guidance for Windows 7 …


End User Devices Security Guidance: Samsung Devices with Android 4.2

This guidance is applicable to Samsung devices running Android 4.2.2 and supporting the Samsung SAFE API. This guidance was developed following testing performed on Samsung Galaxy S4 devices running Android 4.2.

1. Usage Scenario: Samsung Android devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working …


End User Devices Security Guidance: Introduction

Modern smartphones, laptops and tablets provide users with great flexibility and functionality, and include security technologies to help protect information. This security guidance is general to all End User Device (EUD) deployments and aims to help organisations harness these security technologies in a way that does not significantly reduce their functionality. Who is this guidance …


End User Devices Security Guidance: Google Chrome OS 26

This guidance was developed following testing performed on Samsung Chromebooks running Chrome OS version 26.0. All device management services are provided by Google Infrastructure. This guidance was prepared with the provided versions as of June 2013.

1. Usage Scenario: Chrome OS devices will be used remotely over any network bearer, including Ethernet, Wi-Fi and 3G, …


End User Devices Security Guidance: Apple iOS 6 Application Development

This document provides guidance on application security for iOS devices. It provides recommendations on development good practices to help applications appropriately store and process OFFICIAL information. Future guidance is planned to cover applications for other platforms. This document should be read by: anyone developing applications which will handle protectively marked data; administrators considering deploying applications …


End User Devices Security Guidance: Apple OS X 10.9 – Provisioning Script

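#!/bin/bash
# The root-check condition is missing from the source excerpt; a standard check is assumed here.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script needs to be run as root (with sudo)"
    exit 1
fi
echo "[I] Beginning local provisioning now"
# Set the computer name and hostname from operator input.
read -p "[!] Enter a name for this device: " DEVNAME
systemsetup -setcomputername "$DEVNAME"
scutil --set HostName "$DEVNAME"
echo "[I] Creating a standard user account"
CONFIRM="n"
while [ "$CONFIRM" != "y" …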


End User Devices Security Guidance: Apple OS X 10.8 – Provisioning Script

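#!/bin/bash
# The root-check condition is missing from the source excerpt; a standard check is assumed here.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script needs to be run as root (with sudo)"
    exit 1
fi
echo "[I] Beginning local provisioning now"
# Set the computer name and hostname from operator input.
read -p "[!] Enter a name for this device: " DEVNAME
systemsetup -setcomputername "$DEVNAME"
scutil --set HostName "$DEVNAME"
echo "[I] Creating a standard user account"
CONFIRM="n"
while [ "$CONFIRM" != "y" …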
