Operational security

Advice and guidance covering the day to day management of an organisation's security activities.
Showing 14 results
Sort by: A-Z|Date
  • The NIS Guidance Collection

    Guidance19 Jul 2018TopicsOperational security

    VERSION 1.0.1 (19 July 2018) Changelog

  • A2. Risk management

    Guidance30 Apr 2018TopicsOperational security, IT infrastructure, NIS Directive
  • A4. Supply chain

    Guidance30 Apr 2018TopicsOperational security, Network security, NIS Directive
  • Pile of oranges and an  apple

    Maturity models in cyber security: what's happening to the IAMM?

    Blog post08 Mar 2018AuthorAnne WTopicsOperational security

    Here we explain a bit about maturity models, look at how they've been used for cyber security, and explain why the NCSC is no longer supporting the IA Maturity Model (IAMM) introduced in 2008.

  • Keeping your security monitoring effective

    Keeping your security monitoring effective

    Blog post15 Dec 2017AuthorJono PTopicsOperational security, Monitoring
  • Securing email

    Improving email security

    Blog post15 Sep 2017AuthorRichard CTopicsOperational security, Data in transit, Secure communications
  • Email security and anti-spoofing

    Guidance15 Sep 2017TopicsOperational security, Data in transit

    A guide for IT managers and systems administrators

  • Penetration Testing

    Guidance09 Aug 2017TopicsOperational security, Network security

    Advice on how to get the most from penetration testing

  • pens

    Penetration testing - what is it and who is it for?

    Blog post09 Aug 2017AuthorHarry WTopicsOperational security, Network security

    A primer for anyone interested in reading our new penetration testing guidance

  • Internet edge device security

    Guidance12 May 2017TopicsIncident management, Operational security, IT infrastructure

    What to do if you suspect your internet edge router has been compromised

  • Systems administration architectures

    Guidance25 Sep 2016TopicsOperational security, Design and configuration, Digital services

    There are a number of different architectural models that can be used to design the administration approach for IT systems. This section describes some common approaches and the risks associated with each.

  • HMG IA Maturity Model Independent Review

    Information01 Aug 2016TopicsOperational security, Risk management

    The Independent Review service involves an independent team of experienced CESG assessors conducting a detailed review of the Information Risk Management (IRM) arrangements within an organisation.

  • IA Maturity Model - Self Assessment and Supported Self Assessment

    Information01 Aug 2016TopicsOperational security, Risk management
  • What is a WARP

    Information01 Aug 2016TopicsOperational security, Risk management, Cyber attacks

    A WARP (Warning, Advice and Reporting Point) is a community-based service where members can receive and share up-to-date advice on information security threats, incidents and solutions.