| |||||||||
| |||||||||
Current Filter: Security>>>>>Feature> Under Attack: Leading the Fightback Editorial Type: Industry Focus Date: 07-2014 Views: 2013 | |||
| On the 31 March this year, the UK'S Cyber Emergency Response Team went live, in a bid to strengthen the country's online defences, with particular focus on critical systems. But how much of a difference will it make? Brian Wall reports The number of cyber attacks now taking place is on the rise and, although the delayed implementation of this task force is clearly of value, many question whether the scope of the government's new Cyber Emergency Response Team - part of its £650m investment in cyber security - goes far enough. Mike Ellis, CEO of ForgeRock, for example, believes that cyber breaches are one of the most pressing and potentially damaging issues that can happen to a company and that, while the creation of the UK'S Cyber Emergency Response Team (CERT-UK) is a step in the right direction, it is long overdue. With the continuing rise of cyber attacks and the increasing value of data, he believes this isn't enough.
LONG OVERDUE Today's enterprise identity platforms and network security platforms inhabit disparate worlds, without any real connection or collaboration between the two, he argues. "With a rise of internet-enabled machine-to-machine (M2M) communication, more devices are dealing with and sharing user credentials without any direct action from the individuals involved. Each transaction between devices dealing with your private data increases the potential number of backdoors that hackers may use to gain access. It is imperative that governments and businesses address this issue before it is too late. They must use context to bridge the gap between identity and security." The intelligence required to truly foil criminal attacks are lost between the two worlds of identity and security, yet neither segments collaborate, he adds. "At the moment, many companies are, metaphorically speaking, leaving their doors open and letting anyone who wants to come in and take what they like. Cyber security needs to be taken as seriously as every part of business protection. Cyber breaches are one of the most pressing and potentially damaging issues that can happen to a company. They cannot rely on the government or task forces to protect their interests; businesses must take security into their own hands."
CYBER ESSENTIALS SCHEME CREST - the not-for-profit organisation that represents and certifies the technical information security industry - has worked alongside CESG to develop the assessment framework for the scheme. As part of this engagement, CREST defined the policy, procedures and requirements for companies that will provide certification services under the Cyber Essentials Scheme. CREST has also produced the syllabus areas and examination structures that underpin the scheme. In addition, through its members, CREST planned, conducted and reviewed the early Cyber Essentials pilot assessments. "Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security," explains Ian Glover, president of CREST. "By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks."
| ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |