How to approach Good Practice Guide 13 (GPG13) for CoCo compliance

Learning Guide

How to approach Good Practice Guide 13 (GPG13) for CoCo compliance

Good Practice Guide 13: Have you heard of it? If not, you're not alone. Many organisations know little about the guide, now in version 1.5 as of August 2010, and few have even made attempts at compliance.

The guide, however, is a mandatory aspect of CoCo compliance, a set of regulations that determines which organisations are allowed on the Government Connect Secure Extranet. This means, if your organisation wishes to achieve or maintain such permissions, now's the time to review the guide.

The bulk of GPG13's guidance has to do with protective monitoring, including technologies such as IDS/IPS, and policies for logging and log analysis. This overview of GPG13 comprises recent headlines regarding the guide, as well as an expert technical article from contributor Michael Cobb explaining exactly what the guide is, the technologies you may want to consider implementing for compliance, and advice on where to begin.

Organisations unaware of Good Practice Guide 13 monitoring guidelines
(see link below)
As of October 2010, only 38% of public-sector organisations are aware that CESG's Good Practice Guide 13 exists. This article explains the usefulness of the guide for deploying protective monitoring technologies and controls.

Company files at risk of employee data theft
(see link below)
Is it likely your organisation's employees would take company files with them if they leave their jobs? A recent survey sheds light on the threat of employee data theft, and gives advice on how adherence to GPG13 directives could prevent such data loss.

Good Practice Guide 13: Security monitoring policy for CoCo compliance
(see link below)
In this tip, security expert Michael Cobb explains the basic tenants of GPG13, including the 12 protective monitoring controls it prescribes, the necessary technologies for creating those controls, and how to perform risk assessments to make sure those technologies are commensurate with threat levels.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This was first published in December 2010


COMMENTS powered by Disqus  //  Commenting policy