What is the NCSC?

The National Cyber Security Centre (NCSC) is the UK Government organisation responsible for advising and assisting the public and private sectors in improving cyber security, as well as supporting the most critical organisations in the country to remain secure, and is part of Government Communication Headquarters (GCHQ).

The NCSC also provides guidance and incident response measures when serious or widespread cyber issues are identified, in order to help minimise the overall impact on the UK.

The NCSC is based in London, and became operational in late 2016, bringing together the activities of the Communications Electronic Security Group (CESG), the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).

You can find out more about the NCSC at https://www.ncsc.gov.uk/.

NCSC advice and guidance

The NCSC has produced advice and guidance on a range of cyber security subjects, including:

The NCSC also provides guidance based on person or type of organisation, including:

The NCSC has collated guidance too, in ‘collections’. The ‘top tips for staying secure online’ guidance collection includes:

NCSC guidance for businesses and other organisations

One of the most well-known pieces of NCSC guidance is ‘the 10 steps to cyber security’. First published in 2012, this guidance is now used by a majority of the FTSE350 and provides a simple view of ten areas that will help organisations protect themselves against the majority of cyber-attacks.

There’s also a white paper – “Common Cyber Attacks: Reducing the Impact” – to help organisations understand what a common cyber-attack looks like and how attackers typically undertake them.

Another area the NCSC has focussed on to provide useful advice is the incident response process, with exercises to help organisations work out where they are in terms of preparedness and practice their responses.

The ‘Exercise in a Box’ looks at the fundamental elements of cyber resilience, and the ‘cyber incident creation’ guidance helps organisations design and test more tailored responses.

Cyber Essentials

Cyber Essentials is the scheme developed by the NCSC to define, promote and assess good security practices. Cyber Essentials looks at security ‘controls’ in five key areas:

  1. Firewalls
  2. Secure configuration
  3. User access control
  4. Malware protection
  5. Patch management

It is estimated that proper implementation of the controls set out in Cyber Essentials will protect a business from around 80% of common cyber-attacks, so there’s a strong organisational benefit. It also demonstrates to stakeholders that an organisation takes security seriously.

Visit our page for more information about Cyber Essentials.