Overview This document aims to assess the current cybersecurity threats faced by universities and academic institutions in the UK. The content will be valuable to both academic and non-academic personnel, particularly senior leaders, university council members, and researchers. We will evaluate the motivations behind attacks on the sector and the factors that contribute to their…
Overview This document provides an assessment of the current cyber security risks faced by universities and academic institutions in the UK. It serves as a valuable resource for both academic and non-academic staff, particularly for senior administrators, university council members, and those involved in research activities. Within this report, we will examine the various entities…
In October 2017, Chris Wallis found himself with his laptop on his lap aboard a crowded Megabus, speeding down the M40 towards Cheltenham. He was en route to engage with technical experts from the NCSC, having been selected to participate in their initiative designed for startup organizations. Chris’s startup, Intruder, was still in its infancy,…
In October 2017, Chris Wallis finds himself on a bustling Megabus heading towards Cheltenham, his laptop balanced on his lap. He is en route to engage with technical experts from the National Cyber Security Centre (NCSC), having been selected for their startup programme. At this time, his startup, Intruder, was just beginning, prompting Chris to…
Access to work resources via mobile devices or tablets while outside the office has become a common practice for many businesses in recent years. However, organizations that manage highly sensitive data and systems are often unable to adopt these practices without facing considerable security risks. In response to these challenges, the NCSC has introduced ‘Advanced…
In today’s business landscape, accessing work resources via mobile devices while away from the office has become a norm. Yet organizations that handle highly sensitive data are often unable to do so without facing significant security risks posed by advanced attackers. To tackle these challenges, the NCSC has introduced ‘Advanced Mobile Solutions’ (AMS). This comprehensive…
At the National Cyber Security Centre (NCSC), we focus on designing cryptography primarily for scenarios that demand long-term security or involve sensitive data, which leads us to adopt a very cautious approach to its implementation. The security needs we cater to are often mirrored in numerous commercial contexts; however, not all cryptographers may align with…
Securing Your Cloud Platform In This Guide Adapting to Cloud Environments Ensuring User Identity Authentication Validating Service Identity Authentications Implementing Access Controls Automating Security Enforcement Creating an Organizational Structure Effective Use of Workspaces Securing Networked Services Developing Observability Incident Preparedness Safeguarding Secrets Data Protection Strategies Ongoing Security Maintenance This guide provides comprehensive strategies for configuring…
Ensuring Secure Use of Cloud Platforms Overview of this Guidance Adapting to Cloud Environments User Identity Authentication Service Identity Authentication Implementing Access Controls Automating Security Enforcement Creating an Organisational Framework Effective Use of Workspaces Securing Networked Services Enhancing Observability Incident Preparedness Safeguarding Secrets Data Protection Protocols Ongoing Security Vigilance This guidance provides insights into configuring…
Remote access is a vital component of modern IT and operational technology environments. As organizations work towards resilience and redundancy, or manage resources across diverse locations, the necessity for secure remote access continues to grow. However, this capability brings significant risks: if legitimate users can access resources from remote locations, so can malicious actors. The…
