Revolutionise resident services with AWS: London Borough of Lambeth

Cyber Security Strategy (2024-2026) – Shared Technology Services

Shared Technology Services (Southwark, Lewisham, Brent) has developed a Cyber Security Strategy which outlines the council’s approach to cyber resilience and security.

The Shared Technology Services (STS) Cyber Security Strategy outlines a comprehensive approach to protect the digital assets and services of the London Boroughs of Brent, Lewisham, and Southwark. It aims to establish a robust cyber security framework to safeguard against evolving threats and ensure the continuity of critical services.

“It is imperative that we put the right controls in place to protect and react to cyber threats going forward. We have a strong relationship with National Cyber Security Centre and other private cyber agencies which we will harness to help us to protect the data of our citizens and our customers.”

Challenges

  • Increasing sophistication and frequency of cyber attacks targeting local government
  • Growing reliance on digital services and the need to protect sensitive data
  • Limited resources and budget constraints in local government
  • Rapidly evolving threat landscape requiring constant adaptation
  • Balancing security measures with user accessibility and productivity

Approach

The strategy is built around five key pillars:

  1. Identify: Develop an understanding of systems, assets, data, and capabilities to manage cyber security risks.
  2. Protect: Implement appropriate safeguards to ensure delivery of critical infrastructure services.
  3. Detect: Implement activities to identify the occurrence of cyber security events.
  4. Respond: Take action regarding a detected cyber security event.
  5. Recover: Maintain plans for resilience and restore capabilities or services impaired by cyber security events.

Key elements of the approach include:

  • Implementing the NCSC’s 10 Steps to Cyber Security framework
  • Conducting regular risk assessments and penetration testing
  • Enhancing staff awareness and training programs
  • Improving incident response and business continuity planning
  • Strengthening supply chain security measures
  • Adopting cloud-based security solutions

Outcomes and benefits

  • Enhanced protection of council data and services
  • Improved resilience against cyber attacks
  • Increased staff awareness and competence in cyber security
  • Better alignment with national and international security standards
  • Cost-effective security improvements through shared resources and knowledge
  • Improved ability to detect, respond to, and recover from cyber incidents

Lessons learnt

  • The importance of a holistic approach to cyber security
  • The need for continuous improvement and adaptation to evolving threats
  • The value of collaboration and knowledge sharing among partner organizations
  • The critical role of staff awareness and training in maintaining a strong security posture

View the original case study article at brent.gov.uk