Cyber Security team
The Cyber Security team provide service teams with self-service tools and systems, making GDS more secure overall by:
- reducing the number of cyber security incidents
- speeding up incident detection, making GDS more difficult to attack
The Cyber Security team has 5 principles:
- use threat intelligence - to inform and prioritise the risk
- focus on delivery - to work in small agile delivery teams
- use multidisciplinary teams - to make the most of its technical expertise
- build autonomous products and services - to scale and increase efficiency
- actionable self-service security - to make sure service teams can keep themselves secure
Use threat intelligence to inform strategy
The Cyber Security team use threat intelligence to inform and prioritise security risks and apply the appropriate and proportionate level of security controls for GDS.
The team’s strategy uses:
- threat intelligence to inform their priorities
- security risks to inform their work
- user needs to inform how they minimise security risks
Focus on delivery
The Cyber Security team works in 4 small Agile, multidisciplinary teams that work in a sustainable, effective and user-centered way. The teams are organised around:
- operational intelligence
- incident response
Provide autonomous and self-service tools to detect security issues in near real-time and enforce actionable policies.
Deliver intelligent, actionable and self-service security monitoring and threat intelligence to teams. This provides direct visibility of their services, allowing them to maintain and improve security.
Developing a better organisational security awareness by improving cyber security behaviour and processes across GDS. For example, by providing guidance about:
- how to not get phished - 10 ways to spot a phishing email
- managing your passwords securely - 10 reasons why you should be using LastPass
- threat intelligence - sign up to a daily and weekly threat intelligence newsletter
Supplying incident response management to GDS.
Use multidisciplinary teams
Cyber Security teams are multidisciplinary, containing specialists from many disciplines including:
- Threat intelligence analysts
- Ethical hackers
- Security analysts
- User researchers
- Product managers
- Delivery managers
Build autonomous products and services
The Cyber Security team build autonomous products and services that help provide scalable solutions and increased efficiency. Automation frees up people for mission work using threat intelligence and machine learning to improve our solutions.
Actionable self-service security
The Cyber Security team provide service teams with tools, systems, process and support to make GDS more secure. By doing this the Cyber Security team makes sure security is neither too restrictive, burdensome and expensive, nor ineffective, inadequate or vulnerable for service teams.
Self-service makes sure people closest to GDS services have the tools to operate and resolve security incidents efficiently and effectively. These tools, systems and intelligence help service teams make informed decisions about their own security.
The Cyber Security team keeps an overall organisational view of how service teams use its tools, services and processes, allowing GDS to operate securely.
The National Cyber Security Centre (NCSC) also provides guidance and intelligence about cybersecurity.