The UK government has just published its first attempt at setting a minimum cyber security standard for public sector organisations, called the Minimum Cyber Security Standard (MCSS), which will be incorporated into the Government Functional Standard for Security.
Peter Batchelor, Director at Skybox Security, argues that although this might initially look like progress, the document is ambiguous in its design and departments need more guidance to achieve the best cybersecurity standards.
Peter Batchelor, Director at Skybox Security:
“The Government’s new Minimum Cyber Security Standard (MCSS) is a vital move towards improving the security of public sector organisations. However, it is unfortunate that it has not been accompanied by more detailed guidance to help them achieve compliance. Despite criticism, these organisations are taking cybersecurity seriously, but given tight budgets, they need the right technology and ample advice as to how their funding should be distributed.
“Section 6 states: ‘Systems which handle sensitive information or key operational services shall be protected from exploitation of known vulnerabilities.’ The most effective way of meeting this particular requirement is by using technology that offers visibility of threats and vulnerabilities, but then analysing this information can be an overwhelming task for a small and overstretched team of public sector IT specialists. They are desperate for practical support that tells them what the priorities are to work on immediately and automates much of the workload of closing down vulnerabilities effectively.”