UK government has just published its first attempt at setting a minimum security for organisations called the Minimum Security Standard (), which will be incorporated into the Government Functional Standard for Security.

Peter Batchelor, Director at  Security, argues that although this might initially look like progress, the document is ambiguous in its design and departments need more to achieve the best standards.

Peter Batchelor, Director at Skybox Security:

- 1x1 - Skybox Says The New Minimum Cyber Security Standard (MCSS) Doesn’t Provide Enough Guidance For Public Sector Departments

“The Government’s new Minimum Cyber Security Standard (MCSS) is a vital move towards improving the security of public sector organisations. However, it is unfortunate that it has not been accompanied by more detailed guidance to help them achieve compliance. Despite criticism, these organisations are taking cybersecurity seriously, but given tight budgets, they need the right technology and ample advice as to how their funding should be distributed.

“Section 6 states – Systems which handle sensitive information or key operational services shall be protected from exploitation of known vulnerabilities. The most effective way of meeting this particular requirement is by using technology that offers visibility of threats and vulnerabilities, but then analysing this information can be an overwhelming task for a small and overstretched team of public sector IT specialists. They are desperate for practical support that tells them what the priorities are to work on immediately and automates much of the workload of closing down vulnerabilities effectively.”

Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here