Securing the Realm

HMG Security Policy Framework v8 Released

Andy — Tue, 29 May 2012 12:17:15 +0000

The Cabinet Office have released version 8 of the HMG Security Policy Framework (SPF) today.

Get your copy here

Government to launch G-Hosting to complement G-Cloud

Andy — Tue, 15 May 2012 14:34:01 +0000

It looks like the Government are going to be offering a G-Hosting framework at the end of the month when G-Cloud v2 is relased. The G-Hosting framework is to provide service where the G-Cloud does not fit, such as with legacy systems.

The government is planning to launch a G-Hosting framework to complement the second iteration of the G-Cloud, Computerworld UK has learned.

G-Hosting will allow the public sector to place complex applications into highly virtualised, shared environments within selected suppliers’ data centres.

Both frameworks are set to be launched on 30th May, with spend on the G-Cloud expected to reach £250 million by 2015 and spend on G-Hosting to reach £470 million by 2016.

The G-Hosting framework is being put in place to support the public sector where the G-Cloud framework does not suffice – specifically with complex hosting requirements for legacy systems

Full article here

Identity Assurance: Enabling Trusted Transactions

Andy — Mon, 14 May 2012 14:29:55 +0000

The Cabinet Office have released a new set of Good Practice Guides (GPG’s) on enabling trusted transactions via ID assurance.

Being able to prove your identity online easily, quickly and safely is recognised as a key enabler of internet use by the government, its agencies and its citizens. Providers of public services such as national and local governments, major internet companies, online retailers, banks and others are having to address business issues such as identity fraud (and the financial implications) and the administrative burden around username/password fallibility and related issues around proof of identity.

The Identity Assurance Programme is a core element of the ‘digital by default’ policy pursued by the Government Digital Service within the Cabinet Office. The Programme is facilitating the development of identity assurance schemes in the UK, by which citizens, business and devices will be able to assert identity safely and securely online in order to better access and transact with public services.

One widely accepted solution to providing identity online is the development of ‘identity assurance’ using a federated trust ‘framework’, or trust ‘ecosystem’. Basically, this requires an industry-agreed set of protocols, standards and certification under which organisations can collaborate to allow citizens to use assets they own to validate and verify their identity to ‘relying parties’.

Our preferred solution suggests the use of ‘hubs’ (technical intersections) which allow identities to be authenticated by contracted private sector organisations without an individual’s data being centrally stored or privacy being breached by unnecessary data and details of the user being openly ‘shared’ with either transacting party.

For full article and links to the GPG’s click here

Paper: Improving Incident Response Capabilities with a CIRT

Andy — Mon, 07 May 2012 10:39:36 +0000

Although slightly more focused on the academic sector, this paper is relevant for all business sectors looking at development of a Computer Incident Response Team (CIRT) or equiv (i.e. CSIRT).

This paper covers the why, how and benefits in developing a CIRT for your business.

Download my paper here.

PSN for Dummies

Andy — Wed, 02 May 2012 08:44:05 +0000

Level3 are offering a free download of a “For Dummies” series book on the Public Services Network (PSN).

The Public Services Network: The Transformation of Government ICT

If you work in or with the public sector, then you may already know about the Public Services Network (PSN). As one of the most important IT programmes in the UK public sector, this “Internet for Government” is transforming the way the public sector connects and works together, leading the way for shared and cloud-based services. By reducing network costs, improving operational efficiencies and simplifying IT management, PSN is estimated to save government agencies £130 million a year from 2014.

To help you navigate your transition and get the most savings, Level 3 Communications has helped produce The Public Services Network for Dummies. This guide tells you everything you need to know about the PSN, including:

Working Together with the Network of Networks
Delving Deeper into PSN: Structure and Security
Suppliers and Customers: Becoming PSN Certified
Ten PSN Nuggets to Remember

Signup for your free copy here

Think G-Cloud 2012 Event

Andy — Fri, 27 Apr 2012 10:20:13 +0000

A Plenary Second to None

The Think G-Cloud 2012 agenda aims to reflect the dynamism of its subject matter. This programme is designed to keep the interest and relevance of the day focussed right until the end. Often conference numbers trail off after lunch as it is felt the real attractions are in the am sessions. This is not the case with Think G-Cloud. This day is designed to inspire from start to finish. A small number of stand alone speakers will compliment the interactive foundations of the event. A heightened focus on panel discussion, as well as ample opportunity to have your voice heard during the extended Q and A sessions, make this conference a must for all those keen to explore the benefits of the Government Cloud.

Essential breakout sessions

Running in the morning and afternoon will be interactive breakout seminars, allowing for an excellent opportunity to better discuss key areas of policy with leading decision makers and peers. This will provide you with an excellent understanding of the benefits and excitement surrounding this massive change in Public Sector ICT procurement.

Expert Advice

30 leading and specialised service providers will be available throughout the day to discuss with you how their products and services can help you with your issues and challenges.

Great networking opportunities

You’ll join over 300 other delegates with the same concerns and interests as you. You will have the opportunity to share your experiences, ideas and concerns with those who are facing the same or similar challenges. With coffee breaks throughout the day and an hour for lunch, you will be provided with plenty of time and opportunities to network and discuss the day’s events.

At the IET, Savoy Place, London – October 18th 2012.

For more information and to sign up visit http://thinkgcloud2012.co.uk/

CloudStore v2.0

Andy — Wed, 25 Apr 2012 14:51:25 +0000

A second, more user-friendly, version of the CloudStore will be available in first or second week in May.

The new version of the government cloud computing catalogue will be launched a couple of weeks later than originally planned, according to Chris Chant, programme director for G-Cloud in the Cabinet Office.

The second CloudStore will allow users to comment on services included in the catalogue, Chant told the Socitm spring conference in London.

After an initial rush of interest in CloudStore following its launch in February, by March it had settled down to 8,000 visits, 5,500 unique visits and 72,000 page views for the month, he said.

About 30 organisations have now made purchases from the CloudStore, with values ranging from a few hundred pounds up to over £1m.

Chant said interest in CloudStore ranged across all sectors and included local government, the NHS, major departments such as the Department for Work and Pensions, and much smaller bodies.

Full story here

Information Security Breaches Survey

Andy — Wed, 25 Apr 2012 14:24:53 +0000

The Information Security Breaches survey was published today by PwC, supported by BIS through the National Cyber Security Programme. The report highlights the ongoing and changing threat to UK businesses from cyber security incidents and that 1 in 7 large businesses have been subject to hacking attacks in the last year.

Francis Maude, Minister for the Cabinet Office, responsible for cyber security, says:

Reports such as this give us a clearer picture of the changing threats to the UK in cyberspace. The internet brings undoubted economic and social benefits but we cannot afford to let the benefits be undermined by the risks.

“We are playing our part in government by putting in place a transformative National Cyber Security Programme to help protect UK networks by bolstering our resilience in cyberspace and assisting business in addressing these challenges to ensure continued growth of the UK’s internet economy.”

Presentation: Information Security Governance within UK Government

Andy — Wed, 18 Apr 2012 19:02:37 +0000

Today I presented a presentation on Information Security Governance (ISG) within UK Government, covering in the first part the IA stakeholders with Government and in the second part an overview of the vision; strategy; policy (SPF); standards; best practice/GPG’s and touched on the IAMM.

This presentation is meant to be a high-level, simplified overview that other presentations will be developed from that will look at more indepth technical areas of IA such as the RMADS; Data aggregation; Risk assessement and treatments etc.

I have uploaded a copy of the presentation with voice over here (65MB)

Cyber Security Challenge UK – New SANS Forensic Game

Andy — Tue, 27 Mar 2012 13:08:38 +0000

Type: Single Player
Player Count: 2000 per game
Registration will open at 8am on Monday March 19th

Game Play Dates:
April 12th – 14th 2012 (Registration will close at 5pm on April 10th)

For anyone interested, the Cyber Security Challenge UK has opened registration on a new forensics game from SANS, details below.

This is a new game from SANS though it covers the same topic as the game of the same name from last year. Participants will be provided with a network packet capture file that they must analyse to identify and interpret various types of network and web application attacks.

Participants will have to answer questions about the network itself, as well as the activities of the users on the network. The quiz is designed for an intermediate skill level, and all questions can be answered using the Wireshark packet analysis tool.

The game is now held over 3 days, this will allow you to play and “log on and off” at any time during the 3 days by clicking the save button but please remember that once you have clicked “submit” your entry is registered. Please also note that you can only play this game once, once you have submitted your score you will not be allowed to play again.

THE FIRST 4000 PEOPLE TO SEND IN A COMPETITION RETURN, WHO SCORE SOME POINTS, WILL RECEIVE A 2 HOUR VIRTUAL TRAINING PROGRAMME FROM INFOSEC SKILLS – SO DON’T GIVE UP EVEN IF YOU THINK YOUR RETURN IS NOT GOOD ENOUGH TO WIN.

https://cybersecuritychallenge.org.uk/sans-pca.php