Misplaced Pages

GovAssure: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editContent deleted Content addedVisualWikitext
Revision as of 11:07, 17 July 2023 edit51.149.8.48 (talk) HistoryTags: Mobile edit Mobile web edit← Previous edit Latest revision as of 13:19, 29 April 2024 edit undoMapReader (talk | contribs)Extended confirmed users29,791 edits History: Per citationTags: Mobile edit Mobile web edit 
(9 intermediate revisions by 3 users not shown)
Line 2: Line 2:


==History== ==History==
The process was announced in April 2023.<ref>https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191</ref> Compared to previous cybersecurity for UK government bodies, the main change is the adoption of ]'s ].<ref>https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government</ref> GovAssure expected to help organisations guard against rising Russian attacks,<ref>https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/</ref> as well as new types of threat actor. The process was announced in 2022.<ref>{{Cite web |date=2023-08-24 |title=Comment on Gov Assure process part of the UK's National Cyber Strategy 2022 programme |url=https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191.html |access-date=2023-08-24 |website=Global Security Mag Online |language=en}}</ref> Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the ]'s ].<ref>{{Cite web |title=New GovAssure cyber regime launches across UK government {{!}} Computer Weekly |url=https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government |access-date=2023-08-24 |website=ComputerWeekly.com |language=en}}</ref> GovAssure is expected to help organisations guard against rising Russian attacks,<ref>{{Cite web |last=Deslandes |first=Nicole |date=2023-04-19 |title=UK issues warning over new Russian-linked cyber threat |url=https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/ |access-date=2023-08-24 |website=TechInformed |language=en-US}}</ref> as well as new types of threat actors.


The first two departments to be assessed, under the new scheme, are the ] and the ], with C3IA assessing a selection of three systems at each.<ref>https://www.civilserviceworld.com/professions/article/govassure-home-office-beis-first-pilots-new-independent-cyber-audits-c3ia</ref> The first two departments to be assessed under the new scheme are the ] and the ], with C3IA assessing a selection of three systems at each.<ref>{{Cite web |date=2023-01-18 |title=Home Office and BEIS first under the microscope in pilots of new cyber audits |url=https://www.civilserviceworld.com/professions/article/govassure-home-office-beis-first-pilots-new-independent-cyber-audits-c3ia |access-date=2023-08-24 |website=Civil Service World |language=en}}</ref>


==Processes== ==Processes==
* Government departments, and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process; * Government departments and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process;
* The controls are expected to be stricter than before, using NCSC's ] and its 14 key principles; * The controls are expected to be stricter than before, using the NCSC's ] and its 14 key principles;
* The new process will be run by the ], with advice from ];<ref>https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2</ref> * The new process will be run by the ], with advice from ];<ref>{{Cite web |title=Government launches new cyber security measures to tackle ever growing threats |url=https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2 |access-date=2023-08-24 |website=GOV.UK |language=en}}</ref>
* Independent review, by third parties, is required.<ref>https://www.csoonline.com/article/575145/uk-launches-govassure-cybersecurity-scheme-to-protect-government-it-functions.html</ref> * Independent review by third parties is required.<ref>{{Cite web |title=UK launches GovAssure cybersecurity scheme to protect government IT functions |url=https://www.csoonline.com/article/575145/uk-launches-govassure-cybersecurity-scheme-to-protect-government-it-functions.html |access-date=2023-08-24 |website=CSO Online |language=en-US}}</ref>
There is also increasing emphasis on post-incident recovery, as part of security strategy. There is also increasing emphasis on post-incident recovery as part of the security strategy.


In parallel, a ] has been established, to counter the spread of disinformation.<ref>https://www.civilserviceworld.com/professions/article/departments-to-undergo-independent-audits-of-cyber-resilience</ref> In parallel, a ] has been established to counter the spread of disinformation.<ref>{{Cite web |date=2022-04-08 |title=Departments to undergo independent audits of cyber resilience |url=https://www.civilserviceworld.com/professions/article/departments-to-undergo-independent-audits-of-cyber-resilience |access-date=2023-08-24 |website=Civil Service World |language=en}}</ref>


==Further reading== ==Further reading==

Latest revision as of 13:19, 29 April 2024

GovAssure is a new cybersecurity regime for the UK government, starting in 2023.

History

The process was announced in 2022. Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the NCSC's Cyber Assessment Framework. GovAssure is expected to help organisations guard against rising Russian attacks, as well as new types of threat actors.

The first two departments to be assessed under the new scheme are the Department for Business, Energy, and Industrial Strategy and the Home Office, with C3IA assessing a selection of three systems at each.

Processes

  • Government departments and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process;
  • The controls are expected to be stricter than before, using the NCSC's Cyber Assessment Framework and its 14 key principles;
  • The new process will be run by the Government Security Group, with advice from NCSC;
  • Independent review by third parties is required.

There is also increasing emphasis on post-incident recovery as part of the security strategy.

In parallel, a Government Information Cell has been established to counter the spread of disinformation.

Further reading

References

  1. "Comment on Gov Assure process part of the UK's National Cyber Strategy 2022 programme". Global Security Mag Online. 2023-08-24. Retrieved 2023-08-24.
  2. "New GovAssure cyber regime launches across UK government | Computer Weekly". ComputerWeekly.com. Retrieved 2023-08-24.
  3. Deslandes, Nicole (2023-04-19). "UK issues warning over new Russian-linked cyber threat". TechInformed. Retrieved 2023-08-24.
  4. "Home Office and BEIS first under the microscope in pilots of new cyber audits". Civil Service World. 2023-01-18. Retrieved 2023-08-24.
  5. "Government launches new cyber security measures to tackle ever growing threats". GOV.UK. Retrieved 2023-08-24.
  6. "UK launches GovAssure cybersecurity scheme to protect government IT functions". CSO Online. Retrieved 2023-08-24.
  7. "Departments to undergo independent audits of cyber resilience". Civil Service World. 2022-04-08. Retrieved 2023-08-24.
Categories: