Sign in


Socitm Insight Cyber Guide

This is the LIVE version as of 5 July 2017

New in this version

Socitm activity

Socitm is a founding member of the  Local Government Cybersecurity Stakeholder Group , facilitated by the Local Government Association, which also involves Solace, ADASS and the National Cyber Security Centre. The group’s most recent meeting discussed how to improve responses to incidents, with building regional capacity seen as one way to achieve this.

Socitm blog post on security for Solace:  http://www.solace.org.uk/knowledge/articles/2017-06-23-cybersecurity-fight-needs-everyone-to-volunteer/  

Socitm is also a founding member of the  Local Government Cybersecurity Technical Reference Group  run by the NCSC.

NCSC activity

The NCSC’s Active Cyber Defence (ACD) programme has announced four “simple and free” measures to improve basic cyber security: “None of them require additional money to implement. Nor are they overly technically complex to implement.”

Protected DNS  is a domain name server filtering service that blocks traffic to/from known malicious addresses

DMARC  (domain-based message authentication, reporting and conformance) is an email authentication, policy, and reporting protocol which makes successful email spoofing and spear-phishing attacks much harder for those of malicious intent.

Web Check  scans the websites of public bodies looking for common vulnerabilities and returns an easy-to-understand report with risk mitigation advice. NCSC comments, “As we prepare for formal launch a big focus is on signing up local government customers because our pilots have shown them to be the most likely immediate beneficiaries.” 
 
Phishing and malware mitigation  - the NCSC has been working with Netcraft, a private sector company, on a phishing and malware countermeasures service to protect the UK, including government brands. This is a protection from which government departments benefit automatically without having to do anything. 

The Netcraft service is being expanded over the coming months to cover deceptive domains and malware apparently delivered by government. See the  NCSC webpage  for more about this service and how to help it do its job well.  

Other recent activity

National strategic assessment of serious and organised crime 2017 , National Crime Agency (NCA), p.25-27 cover the NCA's cyber crime Assessment of Threat and Key Judgements

The Information Commissioner's Office (ICO) has released the results of its  Local Government Information Governance Survey 2016  of governance of data protection and freedom of information


If this is your first visit to the guide , we strongly recommend  About/Guide Structure  for an overview and how to use the guide.

Some guide content is for Socitm Insight consumers only. Access to Socitm Insight materials is automatically granted to those who are Insight subscribers directly or via Socitm Corporate membership.

  • New versions of the guide will come out as news or other content is added or updated.
  • The guide is designed to be useful on desk PC, tablet and smartphone formats.

Please send feedback/comments  to  cyberguide@socitm.net

  • Does it work for you?
  • What would make it better?

 

Archive: most recent new additions first

  • June 2017

Ransomware Events Notice -   The National Cyber Security Centre (NCSC) guidance is at  https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

Your local members of the Cyber Security Information Sharing Partnership (CiSP) and (Warning, Advice and Reporting Point) local/regional WARP networks may have other information to share. 

The links to these networks are  https://www.ncsc.gov.uk/cisp  and   https://www.warp.gov.uk/find-a-warp/   (check both if searching for a specific local/regional WARP)

  • May 2017
  • added Paloalto Networks and Forbes Publishing -  Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers – United Kingdom   (2016, 104 pages, free download, registration required) to the Problems-Solutions/Training, Education and Research section
  • April 2017
  • update to Cyber Timeline - Local Public Services Data Handling Guidelines (Version 4) published
  • update to EU GDPR notes - added links to new sources of guidance and information
  • update about guidance from the new National Cyber Security Centre
  • update about the April 2017 McAfee Labs Quarterly Threat Report (Socitm's Cyber Guide partner)
  • new guide section 'Problems-Solutions' - for links to a variety of sources of cyber training, education and research