Come the end of October 2018, the Scottish Government is set to increase the scare factor around this side of the United Kingdom, especially within Scotland’s public sector.
No, not because it’s the time of year when thousands of children come knocking on your door, dressed as all kinds of demons, demanding sugary snacks. This October is the deadline for all Scottish public bodies to achieve Cyber Essentials or Cyber Essentials Plus certification. It marks the start of Scotland’s Cyber Resilience Strategy, one that ministers hope will be paralleled across the globe.
Deputy First Minister John Swinney’s vision is for Scotland to become a world-leading nation in this field of expertise. If Scotland is to achieve this goal, then its public sector must set a precedent for all others to follow. But with 60% of small businesses having been breached in the last year and with almost 40% of Scottish SMEs spending nothing on IT security*, it seems that most of the public sector still needs to act.
With fears around cyber security more heightened than ever before, the Scottish Cyber Resilience scheme was developed in 2017 to lay the groundwork for ministers’ long-term goal. The WannaCry ransomware attack of May 2017 accelerated the entire programme after more than 300,000 computers were infected. Since then, several requirements have been issued to those in the public sector regarding how government departments, local authorities and NHS boards can become more secure online.
While a large portion of Scottish public bodies already have cyber security measures in place, it’s the aim of Scottish ministers for the entire public sector to become an exemplar in this field.
The following info gives an overview of cyber resilience and explains the steps the public sector should be taking:
What is Cyber Resilience?
Cyber Resilience means an all-encompassing approach that covers not only protective measures but also measures to respond and recover if you are attacked. Since cyber security is a risk management exercise, you should always be prepared for the worst to happen as there is always a margin of risk for things to creep through. That’s why, to cover all your bases, you need to be resilient and not just secure.
ISO 27001 is the international standard for information security best practice, and specifies the requirements for implementing an information security management system (ISMS). An ISMS offers organisation-wide protection of all information in all its forms. By implementing an ISMS, you would be in a position to identify risks and continue to protect against them. All leading cyber resilience programmes incorporate requirements that ISO 27001 lays out, which eases the process of implementation.
How do I become compliant?
By taking the necessary steps, sooner rather than later. Confirming that a Cyber Essentials pre-assessment has taken place, ensuring staff have undertaken cyber resilience training, and having a cyber incident response plan are just some of the initial actions the Scottish Government has proposed that the public sector take.
Alan Calder, the founder and executive chairman of IT Governance, one of the Scottish public sector’s preferred providers, says that it is critical that Scottish organisations start their compliance journey as soon as possible.
He said: “Cyber-crime is perhaps the single biggest threat to modern businesses and attacks are continually on the rise. The Scottish Government’s legislation is something that we as an industry welcome to encourage more organisations to effectively incorporate cyber resilience into their practices.
“What’s fantastic to see is that the scheme incorporates the requirements of leading examples of cyber security such as the international information security standard ISO 27001 and the UK Cyber Essentials Scheme. That the Scottish Government has acknowledged that effective business continuity management makes up a crucial part of a comprehensive cyber resilience programme.”
Where can I get support?
IT Governance has helped thousands of companies with their compliance journeys, including the University of Edinburgh and Glasgow City Council.
The Scottish Government has listed a range of existing standards, guidelines and controls that can contribute to increased cyber resilience. IT Governance can help organisations meet compliance obligations through the implementation of an ISO 27001-compliant ISMS, business continuity management, incident response management and penetration testing.
IT Governance has recently opened a brand-new Edinburgh office to further support local organisations, and the Scottish public sector, to align their cyber resilience strategies with international best practice. The company is a specialist in ISO 27001 implementations, CREST-accredited Cyber Essentials certifications, penetration testing, PCI DSS and the GDPR. Visit their website, itgovernance.co.uk, for more information about cyber resilience products and services, or email servicecentre@itgovernance.co.uk or call 0131 5641214 to get in touch with the consultancy team.
* https://www.scottish-enterprise.com/knowledge-hub/articles/insight/cyber-security-and-why-it-matters
This sponsored article was brought to you by IT Governance.