Build security in from the start
Include security at the start of the project. GTS Security team are to be involved in making each element secure instead of GTS security team attempting to add technical countermeasures to a finished product.
Training users and having clear processes for operation and management are important for security, as is doing realistic threat assessments and taking a balanced approach to managing risk.
Plan how to deny, and quickly recover from, malicious access. Make sure you have processes in place to record information about any attacks or breaches and use this data to improve defences. GTS will be integral to monitoring, resolving and restoring services in the majority of cases.
How to secure your technology
Working with the GTS security team, choose the appropriate level of security for your technology project. Consider the risks and have processes in place to mitigate against them and improve time to recovery.
You can protect the data and infrastructure by:
- following the principles set out in the IOMG wide Information Security Policy
- following the Office Cyber Security and Information Assurance information risk management policy
- designing and implementing the components of any system according to government best practice, and technical standards
