To remain secure a digital service needs to be well operated and maintained. If it doesn’t evolve in response to the latest threats it will become more vulnerable and easier to compromise as time goes on. There are two crucial aspects to this, vulnerability management and monitoring.
Vulnerability management and patching
It’s vital to keep components within the service up-to-date, and to apply the latest security patches as soon as they become available. Our guidance on vulnerability management can help you understand the importance of this, and how to prioritise applying patches.
Security operations and monitoring
You should operate your service on the assumption that it will be attacked. You need to be monitoring the service for attempts to compromise it, and be able to manage security incidents as they occur. Please see our advice on security operations and monitoring and incident response.