UK cyber security guidelines lack clarity, says IET

News

UK cyber security guidelines lack clarity, says IET

Warwick Ashford

The Institution of Engineering and Technology (IET) has called for greater clarity from the government about what cyber security advice it wants UK businesses to follow.

The UK government’s newly published Cyber Security Implementation Profile is intended to define minimum cyber hygiene for UK businesses.

iet.jpg

But the IET said government has previously endorsed the Top 20 Critical Security Controls, published by the Council on Cyber Security; and its own 10 Steps to cyber security: an executive companion.

“Having three separate sets of guidelines on cyber security, endorsing 20, 10 and 5 controls respectively, is very confusing,” said Hugh Boyes, IET cyber security lead.

“UK businesses are unlikely to understand which are the definitive guidelines and, worse still, there is a real danger they will ignore the advice altogether, simply because there is no clear message about which guidelines are most applicable to them.”

Boyes called on the government to issue clear guidance on when each of the three sets of guidelines is the most applicable.

“Even better would be if the government led from the front by auditing its own services against these latest guidelines, and then declared the results publicly as a matter of urgency,” he said.

Five basic controls

The Cyber Security Implementation Profile covers five basic controls that businesses need to consider:

  1. Secure configuration
  2. Access control
  3. Malware protection
  4. Patch management
  5. Firewalls and internet gateways

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy