UK cyber security community

The cyber security (or information assurance) community in the United Kingdom is diverse, with many stakeholders groups contributing to support the UK Cyber Security Strategy.[1] The following is a list of some of these stakeholders.

Government

According to a parliamentary committee the UK government is not doing enough to protect the nation against cyber attack.[2]

Cyber Aware

Cyber Aware is a cross-government awareness and behaviour campaign which provides advice on the simple measures individuals can take to protect themselves from cyber crime.

Cyber Security Operations Centre

In April 2016, the Ministry of Defence announced the creation of the Cyber Security Operations Centre (CSOC) "to protect the MOD's cyberspace from malicious actors" with a budget of over £40 million. It is located at MoD Corsham.[3][4]

Department for Digital, Culture, Media and Sport

The Department for Digital, Culture, Media and Sport is one of the lead government departments on cyber security policy, responsible for supporting & promoting the UK cyber security sector, promoting cyber security research and innovation, and working with the National Cyber Security Centre to help ensure all UK organisations are secure online and resilient to cyber threats.

Get Safe Online

Get Safe Online is a United Kingdom-based campaign and national initiative to teach citizens about basic computer security and internet privacy.

National Crime Agency (NCA)

The National Crime Agency (NCA) hosts the law enforcement cyber crime unit, incorporating the Child Exploitation and Online Protection Centre.

National Cyber Force (NCF)

The National Cyber Force consolidates offensive cyber capabilities from the Ministry of Defence and GCHQ.

National Cyber Security Centre

The National Cyber Security Centre is the UK’s authority on cyber security; its parent organisation is GCHQ. It absorbed and replaced CESG (the information security arm of GCHQ) as well as the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI). NCSC provides advice and support for the public and private sector in how to avoid cyber threats.[5]

CESG (originally Communications-Electronics Security Group) was a branch of GCHQ which worked to secure the communications and information systems of the government and critical parts of UK national infrastructure. The NPSA provided protective security advice to businesses and organisations across the national infrastructure.

National Security Council

The National Security Council is a Cabinet committee tasked with overseeing all issues related to national security, intelligence coordination, and defence strategy.

Office of Cyber Security and Information Assurance

The Office of Cyber Security and Information Assurance (OCSIA) supports the Minister for the Cabinet Office, the Rt Hon Francis Maude MP and the National Security Council in determining priorities in relation to securing cyberspace. The unit provides strategic direction and coordinates action relating to enhancing cyber security and information assurance in the UK. The OCSIA is headed by James Quinault.[6]

Trustworthy Software Initiative

The Trustworthy Software Initiative (TSI)[7] is a UK public good activity, sponsored[8] by the UK government's NPSA, aimed at 'making software better'.

Warning, Advice and Reporting Points (WARPs)

Warning, Advice and Reporting Points (WARPs) provide a trusted environment where members of a community can share problems and solutions.[9]

Professional bodies and industry groups

UK Cyber Security Forum

The UK Cyber Security Forum is a social enterprise representing cyber SME's (Small and Medium Enterprise) in the UK. The forum is composed of 20 regional cyber clusters around the UK. Each cluster is run as a subsidiary of the UK Cyber Security Forum and all are operated by groups of volunteers. They provide events around the UK to engage the public in cyber security and to provide continued professional development to cyber professionals. The official clusters are:

UK Cyber Clusters
Bristol and Bath Cyber
Bournemouth Cyber Cluster
Cambridge Cluster
East Midlands
London
Malvern Cluster
Norfolk Cyber Cluster
North East Cyber Cluster
North Wales
North West Cluster
N Somerset Cluster
Oxford
Scottish Cyber Cluster
Solent Cyber Cluster
South Wales
South West Cyber Cluster (Exeter)
Sussex Cluster
Thames Valley Cluster
West Midlands Cluster
Yorkshire Cluster

ADS

ADS is a trade organisation for companies operating in the UK aerospace, defence, security and space industries.[10]

Business Continuity Institute (BCI)

The Business Continuity Institute (BCI) was established in 1994 to enable individual members to obtain guidance and support from fellow business continuity practitioners. BCI has a six certification standards to ensure individual practitioners literacy in organizations, responses, and other strategies.[11]

Council of Registered Ethical Security Testers (CREST)

Not for profit accreditation and certification organization.[12] CREST does not have its own study material and leverage on 3rd party coursework so that the member can become certified. As of 24/8/2022, the cost of CREST membership is 5000GBP for Membership of one country Chapter and 25000GBP for a regional membership. On two occasions between 2012 and 2014, the examination-related activities of one of more NCC Group employees and candidates breached the CREST Code of Conduct and NCC Group was, as their employer, vicariously responsible for those individuals at the time

Crypto Developers Forum

The CDF promotes the global interests of the UK crypto development industry.[13]

Information Assurance Advisory Council (IAAC)

The Information Assurance Advisory Council (IAAC) works across industry, government and academia towards ensuring the UK’s information society has a robust, resilient and secure foundation.[14] The IAAC was set up by Baroness Neville-Jones who chaired the organisation until 2007,[15] handing over to the current chairman Sir Edmund Burton. Affiliates include BT Group, Northrop Grumman, QinetiQ, Raytheon, PwC, O2 UK, Ultra Electronics and GlaxoSmithKline.[16] The 2012/13 work programme focused on consumerisation and its effects on information assurance.

Information Assurance Collaboration Group (IACG)

The IACG was formed following the UK's national IA conference in 2006.[17] The IACG encourages greater collaboration between the commercial supply base for information assurance products and services operating within the UK public sector.[18] Stakeholders include CESG, BIS, the Office of Cyber Security and Information Assurance (OCSIA), Cyber Security Operations Centre (CSOC),[19] and the NPSA. The group maintains the UK information assurance community map,[20] hosted on the CESG's web site. It has two co-chairs: Colin Robbins of Nexor and Ross Parsell of Thales. The IACG ceased operation in 2014.

Information Systems Security Association (ISSA)

The Information Systems Security Association (ISSA) is a not-for-profit, international professional organization of information security professionals and practitioners. There is a UK chapter.[21]

Institute of Information Security Professionals (IISP)

The Institute of Information Security Professionals (IISP) is an independent, non-profit body governed by its members, with the principal objective of advancing the professionalism of information security practitioners and thereby the professionalism of the industry as a whole.

ISACA

ISACA is an international professional association that deals with IT governance. Previously known as the Information Systems Audit and Control Association.

(ISC)²

(ISC)² is the International Information Systems Security Certification Consortium is a non-profit organization which specializes in information security education and certifications.

NDI UK

NDI is a former government-funded organisation building supply chains for the MOD and manufacturers using SMEs in the United Kingdom.[22]

TechUK

TechUK, formerly known as Intellect, is a UK trade association for the technology industry.[23] It has a Cyber Security Group focused on “high threat” areas – including defence, national security and resilience, protection of critical national infrastructure, intelligence, and organised crime, chaired by Dr Andrew Rogoyski of Roke Manor Research.[24] The Security and Resilience Group works to build relationships between the technology industry and policymakers, customers and end users, and is chaired by Stephen Kingan of Nexor.[25]

Tigerscheme

Tigerscheme is a commercial certification scheme for technical security specialists, backed by university standards and covering a wide range of expertise.[26]

Tigerscheme is CESG certified in the UK and candidates are subject to an independent rigorous academic assessment authority. Tigerscheme was founded in 2007 on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring a recognised and reputable company. In June 2014 the operational authority for Tigerscheme was transferred to USW Commercial Services Ltd.

UK Cloud Pooled Audit Group (UK CPAG)

UK CPAG is a membership organisation consisting of the UK's largest banks. Established in 2020 with a mission to use the collective power of the banks to audit Cloud Service Providers such as Google, Amazon and Microsoft. The group is operated by the Worshipful Company of Information Technologists

UK Council for Electronic Business

UKCeB is a not-for-profit, membership organisation whose mission is to transform secure information sharing for through life collaboration in defence acquisition and support.[27]

British Computer Society (BCS)

The British Computer Society (BCS) is a professional body and a learned society that represents those working in information technology both in the United Kingdom and internationally. It has a security, data and privacy group.[28]

Cyber Scheme

The Cyber Scheme is a not for profit professional examination body under contract to the National Cyber Security Centre to provide technical exams in support of the Governments assured Penetration testing company scheme CHECK. The exams are independent and rigorous and are conducted for Practitioner Team member level and Team leader levels.

Association of Cyber Forensics and Threat Investigators (ACFTI)

The Association of Cyber Forensics and Threat Investigators (ACFTI) is a not-for-profit, international professional organization focusing on the academics and research of cybersecurity, digital forensics, incident response, and threat investigations and their influence to the society. The vision of the Association is to promote research and education in cybersecurity, digital forensics, incident response, and threat investigations fields and to contribute to the creation and dissemination of knowledge and technology in these domains.[29]

Academic

Academic Centres of Excellence in Cyber Security Research

NCSC has accredited several Academic Centres of Excellence in Cyber Security Research:[30]

University of South Wales Information Security Research Group

The Information Security Research Group (ISRG) at the University of South Wales is a multidisciplinary team of academics and industrial experts focusing upon cyber security.[31]

In particular the group is focusing upon:

  • Network security
  • Intrusion detection and wireless security
  • Penetration testing and vulnerability assessment
  • Computer forensics and digital evidence visualisation
  • Threat assessment and risk management

De Montfort University Cyber Security Centre

The Cyber Security Centre (CSC) at De Montfort University is a multidisciplinary group of academics who focus on a wide variety of cyber security and digital forensics issues. The Centre's mission is to provide the full benefits to all of a safe, secure and resilient cyberspace.[32]

See also

References

  1. "UK Cyber Security Strategy".
  2. UK 'wholly' unprepared to stop devastating cyber-attack, MPs warn The Guardian
  3. "Defence Secretary announces £40m Cyber Security Operations Centre". Ministry of Defence. 1 April 2016. Archived from the original on 25 April 2019. Retrieved 2 April 2016.
  4. Hammick, Murray (30 October 2018). "The Budget and Defence". The Military Times. London. Archived from the original on 22 October 2019. Retrieved 7 May 2020.
  5. HM Government (1 November 2016). "National Cyber Security Strategy 2016-2021" (PDF). gov.uk. Retrieved 2 November 2016.
  6. "OCSIA". Archived from the original on 2013-01-23. Retrieved 2013-01-14.
  7. UK Trustworthy Software Initiative, retrieved 4 January 2014
  8. Protecting and promoting the UK in a digital world: 2 years on – Government Press Release, retrieved 12 December 2013
  9. "WARP".
  10. "ADS".
  11. Kaye, David. (2008). Managing risk and resilience in the supply chain. London [England]: BSI Business Information. ISBN 978-1-62198-414-6. OCLC 849744629.
  12. "Home". crest-approved.org.
  13. "CDF".
  14. "IAAC". Archived from the original on 2018-04-10. Retrieved 2013-01-14.
  15. "IAAC - Neville-Jones".
  16. "IAAC Sponsors". Archived from the original on 2017-06-07. Retrieved 2016-05-17.
  17. "Establishment of the IACG". National Archives. Archived from the original on 2008-03-05.
  18. "IACG Overview".
  19. "CSOC". 12 March 2010.
  20. "IA Community Map" (PDF). Archived from the original (PDF) on 2013-07-31. Retrieved 2013-01-14.
  21. "ISSA UK".
  22. "NDI UK". Archived from the original on 2016-10-21. Retrieved 2013-08-21.
  23. "techUK".
  24. "Intellect Cyber Security". Archived from the original on 2013-06-14. Retrieved 2013-01-14.
  25. "Intellect Defence & Security". Archived from the original on 2013-06-14. Retrieved 2013-01-16.
  26. "Home". tigerscheme.org.
  27. "UK CeB".
  28. "BCS Security".
  29. "ACFTI UK".
  30. "Academic Centres of Excellence in Cyber Security Research". NSCS.
  31. "ISRG".
  32. "DeMontFort Cyber Security Centre".
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.