Search - National Standard Microsite
Cloud Security Principles
Published by the National cyber security centre, this guidance document provides details and context on the following 14 cloud security principles.
1. Data in transit
2. Asset protection and resilience
3. Separation between users
4. Governance framework
5. Operational security
6. Personnel security
7. Secure development
8. Supply chain security
9. Secure user management
10. Identity and authentication
11. External interface protection
12. Secure service administration
13. Audit information for users
14. Secure use of the service
Cyber Security: Asset management
Step 3 from the 10 steps to Cyber Security covers asset management, ensuring you know what data and systems you manage, and what business need they support.
Asset management encompasses the way you can establish and maintain the required knowledge of your assets. Over time, systems generally grow organically, and it can be hard to maintain an understanding of all the assets within your environment. Incidents can occur as the result of not fully understanding an environment, whether it is an unpatched service, an exposed cloud storage account or a mis-classified document. Ensuring you know about all of these assets is a fundamental precursor to being able to understand and address the resulting risks. Understanding when your systems will no longer be supported can help you to better plan for upgrades and replacements, to help avoid running vulnerable legacy systems.
Cyber Security: Architecture and configuration
Step 4 from the 10 steps to Cyber Security covers how to design, build and maintain systems securely.
The technology and cyber security landscape is constantly evolving. To address this, organisations need to ensure that good cyber security is baked into their systems and services from the outset, and that those systems and services can be maintained and updated to adapt effectively to emerging threats and risks.
Cyber Security: Incident management
Step 9 from the 10 steps to Cyber Security covers how to plan your response to cyber incidents in advance.
Incidents can have a huge impact on an organisation in terms of cost, productivity and reputation. However, good incident management will reduce the impact when they do happen. Being able to detect and quickly respond to incidents will help to prevent further damage, reducing the financial and operational impact. Managing the incident whilst in the media spotlight will reduce the reputational impact. Finally, applying what you’ve learned in the aftermath of an incident will mean you are better prepared for any future incidents.
Cyber Security: Vulnerability management
Step 5 from the 10 steps to Cyber Security covers how to keep your systems protected throughout their lifecycle.
The majority of cyber security incidents are the result of attackers exploiting publicly disclosed vulnerabilities to gain access to systems and networks. Attackers will, often indiscriminately, seek to exploit vulnerabilities as soon as they have been disclosed. So it is important (and essential for any systems that are exploitable from the internet) to install security updates as soon as possible to protect your organisation. Some vulnerabilities may be harder to fix, and a good vulnerability management process will help you understand which ones are most serious and need addressing first.