The Institution of Engineering and Technology (IET) has called for greater clarity from the government about what cyber security advice it wants UK businesses to follow.
The UK government’s newly published Cyber Security Implementation Profile is intended to define minimum cyber hygiene for UK businesses.
But the IET said the government has previously endorsed the Top 20 Critical Security Controls, published by the Council on Cyber Security, and its own 10 Steps to cyber security: an executive companion.
“Having three separate sets of guidelines on cyber security, endorsing 20, 10 and 5 controls respectively, is very confusing,” said Hugh Boyes, IET cyber security lead.
“UK businesses are unlikely to understand which are the definitive guidelines and, worse still, there is a real danger they will ignore the advice altogether, simply because there is no clear message about which guidelines are most applicable to them.”
Boyes called on the government to issue clear guidance on when each of the three sets of guidelines is the most applicable.
“Even better would be if the government led from the front by auditing its own services against these latest guidelines, and then declared the results publicly as a matter of urgency,” he said.
Five basic controls
The Cyber Security Implementation Profile covers five basic controls that businesses need to consider:
- Secure configuration
- Access control
- Malware protection
- Patch management
- Firewalls and internet gateways