DBIS: Business leaders urged to step up response to cyber threats
06 September 2012
The UK Government has launched a 'Cyber Security Guidance for Business', giving the UK's most senior business leaders new advice on how better to tackle the growing cyber threats to their companies.
Currently, too few company chief executives and chairs take a direct interest in protecting their businesses from cyber threats. So now, for the first time, the Government and intelligence agencies are directly targeting the most senior levels in the UK’s largest companies and providing them with advice on how to safeguard their most valuable assets, such as personal data, online services and intellectual property.
The new guidance, produced by CESG (the Information Security arm of GCHQ), BIS and the Centre for the Protection of National Infrastructure (CPNI), will help the private sector minimise the risks to company assets. The guidance builds on a key objective within the Government’s Cyber Security Strategy to work hand in hand with industry and make the UK one of the most secure places in the world to do online business.
Cyber Security Guidance for Business consists of three products:
-
The first products aimed at senior executives. It offer some high level questions which we believe will assist and support them to determine their critical information assets, support them in their strategic level risk discussions and help them ensure that they have the right safeguards and cultures in place
-
The second product is an Executive Companion which discusses how Cyber Security is one of the biggest challenges that business and the wider UK economy face today. It offers guidance for business on how together we can make the UK's networks more resilient and protect key information assets against cyber threats. The document focuses around key points of risk management and corporate governance and includes some anonymous case studies based in real events
-
The third product supports the Executive Companion and provides more detailed cyber security information and advice for 10 critical areas (covering both technical and process/cultural areas). If implemented as a set it can substantially reduce the cyber risk by helping to prevent or deter the majority of types of attacks. For each of these 10 areas, we have summarised the issue, outlined the potential risks and provided some practical measures and advice to reduce these risks. The material integrates the "Top 20 Critical Controls for Effective Cyber Defence" as endorsed by CPNI. These controls provide further detailed guidance.
Press release
Guidance
© CESG