Cisco Issues New Patches for Critical Firewall Software Vulnerability
The vulnerability has a CVSS base score of 10.0, the highest possible, and...
Announcing the NCSC’s new Phishing Guidance
I'm delighted to announce the publication today of our new guidance, Phishing Attacks: Defending...
Research into dealing with weak domain passwords
Update We are no longer looking for participants for this study, but we...
Active Cyber Defence – one year on
In November 2016, just after the NCSC formally came into existence, and as...
JenX Botnet Has Grand Theft Auto Hook
A GTA hosting site is offering powerful DDoS attacks for $20 a pop,...
New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices
Two new WD My Cloud vulnerabilities have been identified, adding to last month’s...
Crypto Miners May Be the ‘New Payload of Choice’ for Attackers
Crypto mining botnets provide a stealthy way to generate big bucks, without the...
Massive Smominru Cryptocurrency Botnet Rakes In Millions
Researchers say Smominru threat actors are in control of 500,000 node botnet and...
Updating our Factory Reset Guidance
We’ve just published new End User Devices Factory Reset Guidance on our website. We hope...
Cisco Patches Critical VPN Vulnerability
Cisco Systems released a patch Monday to fix a critical security vulnerability, with...
NCSC IT: How the NCSC built its own IT system
“When are you going to share the design of the NCSC IT system?”...
B3. Data security
Principle Data stored or transmitted electronically is protected from actions such as unauthorised...
Objective D: Minimising the impact of cyber security incidents
Principles under this Objective D1. Response and recovery planning Putting suitable incident management...
The principles of supply chain security
Introduction The guidance will provide organisations with an improved awareness of supply chain...
C1. Security monitoring
Principle The organisation monitors the security status of the networks and systems supporting...
Objective C: Detecting cyber security events
Principles under this Objective C1. Security Monitoring Monitoring to detect potential security problems...
B2. Identity and access control
Principle The organisation understands, documents and manages access to systems and functions supporting...
A1. Governance
Principle The organisation has appropriate management policies and processes in place to govern...
Objective B: Protecting against cyber attack
Principles under this Objective B1. Service protection policies and processes Defining and communicating...
NIS Directive: Top-level objectives
Introduction The implementation of Article 14 of the NIS Directive is described via...
Supply chain security collection
Proposing a series of 12 principles, designed to help you establish effective control and...
III. Check your arrangements
10. Build assurance activities into your supply chain management Require those suppliers who...
Objective A. Managing security risk
Principles under this Objective A1. Governance Putting in place the policies and processes...
IV. Continuous improvement
11. Encourage the continuous improvement of security within your supply chain Encourage your...
B1. Service protection policies and processes
Principle The organisation defines, implements, communicates and enforces appropriate policies and processes that...
Introduction to the NIS Directive
General Introduction What does the NIS Directive cover and when will it...
D1. Response and recovery planning
Principle There are well-defined and tested incident management processes in place, that aim...
A4. Supply chain
Principle The organisation understands and manages security risks to networks and information systems...
Supply chain security: 12 Principles infographic
This guidance has been produced to help organisations gain and maintain control of...
D2. Lessons learned
Principle When an incident occurs, steps must be taken to understand its root...

