Cyber hygiene refers to a set of housekeeping functions that IT system administrators and users can undertake to improve their security posture whilst online. The term was coined around 2003 by Vint Cerf, one of the fathers of the Internet, who was quoted as saying:
It is my judgment that the Internet itself is for the most part secure, though there are steps we know can be taken to improve security and resilience. Most of the vulnerabilities arise from those who use the Internet–companies, governments, academic institutions, and individuals alike–but who do not practice what I refer to as good cyber hygiene. They are not sufficiently sensitive to the need to protect the security of the Internet community of which they are a part. The openness of the Internet is both its blessing and its curse when it comes to security.
13 years after Mr. Cerf made these comments, many organisations are still not getting the right cyber hygiene practices in place so that systems, devices and users are suitably protected against internet-borne threats. Most people would readily acknowledge that in the last 13 years malicious cyber activity has exploded and is now a high-profile issue.
In various parts of the world, industry bodies and governments have produced frameworks, programmes and guidance documents that are, in essence, cyber hygiene focussed. These initiatives are valuable as they reinforce the importance of getting the basics right. If adopted, they may help an organisation break the cycle of applying short-term emergency measures (including buying more technical controls) to address a cyber security issue.
Crucial to getting cyber hygiene improvements in place and working are some non-technical elements: developing comprehensive “standards based” IT Policies, delivering security awareness training and documenting procedures. These elements will ensure that best practices are consistently applied and will foster a change in IT culture.
At Protocol Policy Systems we help Local Government organisations put new IT Policy foundations in place from scratch, or we replace their outdated policies, which often have not been maintained over time. Giving high priority to writing new policies or editing existing policies is a challenge for most organisations, and often a policy project is initiated but never actually seen through to a conclusion.
Under our delivery methodology, our Consultants work with a customer to complete a project, typically in under 8 weeks (elapsed timeframe). The comprehensive suite of policies we provide is mapped to standards including ISO27002, PCI and PSN. Once the policies are in place, we provide ongoing housekeeping assistance so that they stay relevant to the organisation. This project will bring focus to bear on cyber hygiene controls and assist in providing the organisation with a solid code of practice for information security.
Read how the team at Buckinghamshire County Council worked with Protocol Policy Systems to deliver a comprehensive suite of IT Policies to the organisation.
If you are attending the Socitm Spring Conference on Thursday 21st April, call by and see us on Stand 2 in the exhibitor area.