Now published: the NCSC’s new guidance on risk management for cyber security

A few weeks ago, we said that we’d be publishing the first phase of our new risk management guidance soon. I’m pleased to announce that this guidance has now been published.

It comprises some introductory material which supports two very different (but complementary) techniques of looking at risk.

  • Component-driven risk management focuses on technical components, and the threats and vulnerabilities they face.
  • System-driven risk management takes the opposite view, and analyses systems as a whole.

Note that we’ll be introducing different techniques in future editions of this guidance. When we do, we’ll describe the types of problem each technique is (or is not) suited to.

To be clear, we do not provide blueprints and step-by-step instructions on how to apply techniques that are already out there. But we will describe some of the core concepts behind each type of technique, and signpost to more detailed guidance on how techniques can be practically applied.

A common thread runs through all of this guidance: cyber risk is too complex to be managed using a single method. To manage cyber risks effectively, we need to be able to apply a variety of different techniques. This requires us to understand the strengths and weaknesses of the techniques we’re familiar with, so that we can select and apply alternatives.

This guidance is a part of the NCSC’s own learning process. That process begins with our own research, but then is guided by feedback from people who use it and apply it. For this reason, we’d like you to give us your feedback. What do you like about it? What don’t you like? What would you like to see in the next phase of this guidance? Have you applied any of it? If so, please let us know.

We do hope you find the guidance useful.

John Y

Risk Research Lead

Source: National Cyber Security Centre
