UK cyber security guidelines lack clarity, says IET


UK cyber security guidelines lack clarity, says IET

Warwick Ashford

The Institution of Engineering and Technology (IET) has called for greater clarity from the government about what cyber security advice it wants UK businesses to follow.

The UK government’s newly published Cyber Security Implementation Profile is intended to define minimum cyber hygiene for UK businesses.


But the IET said government has previously endorsed the Top 20 Critical Security Controls, published by the Council on Cyber Security; and its own 10 Steps to cyber security: an executive companion.

“Having three separate sets of guidelines on cyber security, endorsing 20, 10 and 5 controls respectively, is very confusing,” said Hugh Boyes, IET cyber security lead.

“UK businesses are unlikely to understand which are the definitive guidelines and, worse still, there is a real danger they will ignore the advice altogether, simply because there is no clear message about which guidelines are most applicable to them.”

Boyes called on the government to issue clear guidance on when each of the three sets of guidelines is the most applicable.

“Even better would be if the government led from the front by auditing its own services against these latest guidelines, and then declared the results publicly as a matter of urgency,” he said.

Five basic controls

The Cyber Security Implementation Profile covers five basic controls that businesses need to consider:

  1. Secure configuration
  2. Access control
  3. Malware protection
  4. Patch management
  5. Firewalls and internet gateways


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy