Understanding Software as a Service (SaaS) security
An outline of the NCSC's approach to understanding the security of Software as a Service (SaaS) offerings.
NCSC Feed
Ransomware: 'WannaCry' guidance for enterprise administrators
5 years 8 months ago
Guidance for enterprise administrators who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
Growing positive security cultures
5 years 8 months ago
If your security culture isn't improving naturally, here's what you can do about it.
Maturity models in cyber security: what's happening to the IAMM?
5 years 8 months ago
Here we explain a bit about maturity models, look at how they've been used for cyber security, and explain why the NCSC is no longer supporting the IA Maturity Model (IAMM) introduced in 2008.
Operational technologies
5 years 8 months ago
Making sense of cyber security in OT environments
The Cyber Threat to UK Business
5 years 9 months ago
First joint National Cyber Security Centre (NCSC) and National Crime Agency (NCA) report published today.
CERT-UK Annual Report 2015/16
5 years 9 months ago
Provisioning and securing security certificates
5 years 10 months ago
How certificates should be initially provisioned, and how supporting infrastructure should be securely operated.
"Do what I mean!" - time to focus on developer intent
5 years 10 months ago
In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve.
Are security questions leaving a gap in your security?
5 years 10 months ago
Even the best authentication can't help you if there is an easy way to bypass it.
Cyber resilience - nothing to sneeze at
5 years 11 months ago
David K introduces the concept of cyber resilience, and the benefits it brings.
Protecting system administration with PAM
5 years 11 months ago
Remote system administration provides powerful and flexible access to systems and services.
Preparing for denial of service (DoS) attacks
5 years 11 months ago
It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond, in the event your service is subjected to an attack.
Developing the cyber security profession – have your say!
5 years 11 months ago
Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK.
Managing the risk of cloud-enabled products
5 years 11 months ago
Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.
GDPR security outcomes
5 years 11 months ago
This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.
There's a hole in my bucket
5 years 11 months ago
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
Joint report on publicly available hacking tools
6 years ago
How to limit the effectiveness of tools commonly used by malicious actors.
Stepping up to multi-factor authentication
6 years ago
New guidance on implementing MFA to better secure online services
Phishing, spear phishing and whaling; does it change the price of phish?
6 years ago
Regardless of the type of phish, you'll still need multiple layers of defence to protect your organisation.
Checked
55 minutes 2 seconds ago
This includes feeds from report, guidance and blog-post
NCSC Feed feed