Re-launch of '10 Steps to Cyber Security'
News article - 16 Jan 2015
In association with CPNI, Cabinet Office and BIS, GCHQ is pleased to announce the re-issue of the highly successful 10 Steps to Cyber Security, offering updated guidance on the practical steps that organisations can take to improve the security of their networks and the information carried on them.
Following its successful launch in 2012, the highly acclaimed guidance has made a tangible difference in helping organisations large and small understand the key activities they should evaluate for cyber security risk management purposes. Indeed, the Cyber Governance Health Check: 2014 of FTSE 350 Boards shows that 58% of companies have assessed themselves against the 10 Steps guidance since it was first launched. This is up from 40% in 2013.
‘10 Steps to Cyber Security’ has been updated to ensure its continuing relevance in the climate of an ever growing cyber threat. It now highlights the new cyber security schemes and services that have been set up more recently under the National Cyber Security Programme (NCSP) and also contains a foreword by the new Director of GCHQ, Robert Hannigan.
Within this he said, "GCHQ continues to see real threats to the UK on a daily basis, and the scale and rate of these attacks shows little sign of abating. However despite the increase in sophistication, it remains as true today as it did two years ago that there is much you can do yourself to protect your organisation by adopting the basic Cyber Security procedures in this guidance."
Alongside the Cyber Essentials scheme, ‘10 Steps to Cyber Security’ is a critical resource for UK businesses aiming to protect themselves in cyber space.
Common cyber attacks: reducing the impact
In parallel with the re-issue of the ‘10 Steps to Cyber Security’, GCHQ has published a paper entitled ‘Common Cyber Attacks: Reducing the Impact’.
Drawing on real case studies, the paper covers threats, vulnerabilities and attack types. It also addresses prevention and incident response. The paper is intended to help organisations understand that they need to be prepared to respond to threats from a range of attackers and have a framework of security controls in place to reduce the extent and impact of an attack.
Aimed at all organisations vulnerable to attack from the internet, the paper supports the comprehensive guidance provided in the ‘10 Steps to Cyber Security’, helping organisations to understand the key activities they should evaluate for risk management purposes. It also complements the guidance provided in the ‘Cyber Essentials’ scheme, which provides a set of controls that organisations can put in place to show that they have met a recognised baseline of cyber security.