 Cyber risk (3/5)">
Cyber risk (3/5) - Taking advantage of external resource


March 3, 2019

Part three of the Cyber Risk report.

Few organisations, if any, can be self-sufficient in their internal cyber resources. Apart from relying on specialist external services, such as penetration testing and virus filtering, councils are increasingly likely to be using other service providers for a wide range of cyber activities, from independent testing to routine monitoring software. In addition to internal auditors, external cyber specialist advisors can bring a level of knowledge and current expertise that is hard to retain in-house, to check on the robustness and appropriateness of cyber resilience planning and implementation.

Not all of these services need be costly. Many, such as the advice and support from local WARPs and the NCSC, are freely available. There is also a variety of basic network and systems tools that can be acquired at no or low cost and that can be used to target particular cyber risks, perhaps complementing, if not replacing, the more sophisticated technologies required to protect digital infrastructures.

Other services come at a price, especially the more sophisticated managed security services and tools. Methods, too, take resources to implement and sustain, and there is a need to consider the internal cyber roles necessary to oversee good practice.

Councils need to make adequate provision in their plans, processes and practices for the insurance and protection demanded in this modern digital age, since skimping on cyber protection can have serious consequences for the organisation and for citizens.

This requires the necessary prioritisation of cyber investment, with the CIO or Head of IT working with colleagues, including the CFO and emergency planners, to ensure an understanding of its value and importance in digital developments and in ensuring resilience of legacy IT services. A cyber strategy should harness the skills, tools and processes needed to anticipate changing cyber risks and should ensure strong governance to manage and mitigate them.

This is also an area where there is justification for sharing and pooling resources, best practices and methodology across public services. Benefits lie not only in economies of scale in staff and technologies, but also in sharing best practice and intelligence, and in protecting mutual interests.

This third in our series of cyber investigative reports looks at some of the common cyber standards, methods, technologies, and resources that are available to public service organisations as they plan their cyber strategies.
