The National Cyber Security Centre (NCSC, formerly CESG), the Information Security arm of Government Communication Head Quarters (GCHQ), and the National Technical Authority for Information Assurance documented 35 Good Practice Guides to help public sector organisations within the UK manage risk.
GPG number 13 describes the requirements for good practice and a set of IT controls for the security of Information Technology systems. Specifically, GPG13 describes 12 Protective Monitoring Controls (PMC) which is comprised of tasks such as event log management and use of intrusion detection and prevention systems. Public sector local authorities are required to conform to GPG13 in order to prevent accidental or malicious data loss.
However, Achieving GPG13 compliance is challenging—especially for organisations managing competing priorities, limited budgets, and small IT security teams.
Simply click here to download this latest GPG13 Compliance brief and find out how your organisation can shorten the timeframe and minimise resource in order to achieve full GPG13 compliance