| Revision as of 11:08, 17 July 2023 edit51.149.8.48 (talk) →HistoryTags: Mobile edit Mobile web edit← Previous edit | Revision as of 03:15, 25 July 2023 edit undoUnbio4 (talk | contribs)303 edits Grammar and punctuationTags: Mobile edit Mobile web editNext edit → | ||
| Line 2: | Line 2: | ||
| ==History== | ==History== | ||
| The process was announced in April 2023.<ref>https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191</ref> Compared to previous cybersecurity for UK government bodies, the main change is the adoption of ]'s ].<ref>https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government</ref> GovAssure is expected to help organisations guard against rising Russian attacks,<ref>https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/</ref> as well as new types of threat |
The process was announced in April 2023.<ref>https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191</ref> Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the ]'s ].<ref>https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government</ref> GovAssure is expected to help organisations guard against rising Russian attacks,<ref>https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/</ref> as well as new types of threat actors. | ||
| The first two departments to be assessed |
The first two departments to be assessed under the new scheme are the ] and the ], with C3IA assessing a selection of three systems at each.<ref>https://www.civilserviceworld.com/professions/article/govassure-home-office-beis-first-pilots-new-independent-cyber-audits-c3ia</ref> | ||
| ==Processes== | ==Processes== | ||
| * Government departments |
* Government departments and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process; | ||
| * The controls are expected to be stricter than before, using NCSC's ] and its 14 key principles; | * The controls are expected to be stricter than before, using the NCSC's ] and its 14 key principles; | ||
| * The new process will be run by the ], with advice from ];<ref>https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2</ref> | * The new process will be run by the ], with advice from ];<ref>https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2</ref> | ||
| * Independent review |
* Independent review by third parties is required.<ref>https://www.csoonline.com/article/575145/uk-launches-govassure-cybersecurity-scheme-to-protect-government-it-functions.html</ref> | ||
| There is also increasing emphasis on post-incident recovery |
There is also increasing emphasis on post-incident recovery as part of the security strategy. | ||
| In parallel, a ] has been established |
In parallel, a ] has been established to counter the spread of disinformation.<ref>https://www.civilserviceworld.com/professions/article/departments-to-undergo-independent-audits-of-cyber-resilience</ref> | ||
| ==Further reading== | ==Further reading== | ||
Revision as of 03:15, 25 July 2023
GovAssure is a new cybersecurity regime for the UK government, starting in 2023.
History
The process was announced in April 2023. Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the NCSC's Cyber Assessment Framework. GovAssure is expected to help organisations guard against rising Russian attacks, as well as new types of threat actors.
The first two departments to be assessed under the new scheme are the Department for Business, Energy, and Industrial Strategy and the Home Office, with C3IA assessing a selection of three systems at each.
Processes
- Government departments and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process;
- The controls are expected to be stricter than before, using the NCSC's Cyber Assessment Framework and its 14 key principles;
- The new process will be run by the Government Security Group, with advice from NCSC;
- Independent review by third parties is required.
There is also increasing emphasis on post-incident recovery as part of the security strategy.
In parallel, a Government Information Cell has been established to counter the spread of disinformation.
Further reading
- UK Authority, "Government launches GovAssure cyber security scheme"
- Techinformed, "What can businesses learn from GovAssure?"
- Digit News, "Unpacking GovAssure, the New Government Cybersecurity Measures"
- Gov.uk blog: Developing An Inclusive and Skilled Cyber Security Profession
References
- https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191
- https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government
- https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/
- https://www.civilserviceworld.com/professions/article/govassure-home-office-beis-first-pilots-new-independent-cyber-audits-c3ia
- https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2
- https://www.csoonline.com/article/575145/uk-launches-govassure-cybersecurity-scheme-to-protect-government-it-functions.html
- https://www.civilserviceworld.com/professions/article/departments-to-undergo-independent-audits-of-cyber-resilience