Cyber Sprint Notes #2
Covering 24 February — 9 March 2021
Welcome back to our Cyber Sprint Notes, an opportunity to catch up on the progress of the Local Digital Collaboration Unit’s Cyber team.
This sprint we completed research with 7 different users from across a variety of local and county councils, with responsibility for cyber security within their organisation. The topics we covered were:
- Their experience with existing frameworks
- Can we deliver a framework for a wide variety of councils?
- Experience working in their organisation
Some of the key findings from this first round of research include:
- The idea of a centralised framework was received positively
- The perception of this framework as being required in order to share data would help to generate leverage
- We can provide value by reducing duplicate audit work
- A holistic framework beyond ‘IT’ could help set expectations of cyber
We’re still looking for user research participants from councils and supporting services — find out more and apply to take part.
We have completed a review of 30 frameworks, which included an extensive evaluation of 10 existing cyber security frameworks, including those used in North America, the CPNI/SANS 20 Critical Controls for Cyber Defence and the National Cyber Security Centre’s Cyber Essentials Plus framework.
We have also agreed a clear hypothesis of what we want to test during sprint #3. We will be potentially developing and testing three variants of the prototypes in the coming sprint. These are based on the following approaches:
1. A single threshold approach, against which all councils can measure themselves
2. A tailored approach, using milestones that can be filtered depending on need
3. A decision tree, module approach that uses a series of questions
We will also be testing content and putting together a draft framework to test with users.
You can read more about the project and our goals in this kick off blog post.
If you’re working on a related project and are interested in collaborating with us, please email firstname.lastname@example.org.
Since the Cyber Support remediation work launched in November, we’ve worked with selected councils to reduce their cyber risk through guidance, tools and technical support. We have now completed all the workshops with councils, and prepared a report and agreed a cyber treatment plan for each.
Grant funding applications have been submitted and approved for each council, and funds have now been made available to enable immediate remediation activity to begin.
We have scheduled a series of one-to-one cyber support sessions and will be available to assist councils in the delivery and implementation of the cyber treatment plan.
We have our first three cyber clinics scheduled for the selected councils to demonstrate some of the technical solutions we have readily available. Twice weekly drop-in sessions are also scheduled for support and guidance, and as a way of keeping in touch during the implementation of cyber enhancements.
We have started analysing the information gathered as part of the workshops and ongoing cyber support sessions, and will be sharing some initial findings in a blog post shortly.
Join the Cyber show and tells
If you work in a national or local government agency and would like to find out more about our work, come along to our upcoming show and tells:
- Friday 12 March, 11:30am–12:00pm — an update from the Cyber Health project
- Friday 26 March, 11:30am–12:15pm — updates from both projects
- Friday 9 April, 11:30am–12:00pm — an update from the Cyber Health project
- Friday 23 April, 11:30am–12:15pm — updates from both projects
Click here to request joining details. We look forward to seeing you there.