Improving Security Operations in Government
The National Cyber Security Centre (NCSC) provides practical measures to help UK government bodies meet their Protective Monitoring needs. This guidance, which evolved from the former CESG Good Practice Guide No 13 (GPG13), covers logging, monitoring and security operations. NCSC’s guidance is aimed at helping UK government departments, agencies, the critical national infrastructure and public sector supply chains protect their information and systems. It also has relevance for local government and the wider public sector.
UK Government organisations and agencies have clear responsibilities concerning the safe-keeping of information and the IT security of their systems. The guidance can be found on the NCSC site.
How to improve Protective Monitoring
Our compliance guide to the established GPG13 standard shows how Huntsman Security’s Enterprise SIEM supports UK government organisations in meeting the aims of NCSC by:
- Combining requirements like security audits, forensic analysis and rule-based intrusion detection with advanced real-time behaviour anomaly detection
- Managing, storing, analysing and reporting on logs and events within defined time scales
- Monitoring and identifying suspicious activity, human or IT, across an IT network
Improve your GPG13 Compliance
Our GPG13 Compliance Guide covers the following key concepts:
- Government security requirements for protective monitoring
- Real-time security threat detection for users, network, databases, applications and communications
- Behaviour anomaly detection, baselining normal activity and detecting suspicious activity
- Compliance and IT security policy monitoring and risk management
- Forensics analysis, audit and investigations
Security Operations & Management
More recent guidance (again at NCSC) has focused on the wider process objectives such as threat detection and incident handling. In some of the finer detail this guidance echoes the requirements of GPG13 with regard to protective monitoring.
Huntsman Security’s Enterprise SIEM can form the basis of a security operations centre that follows this ethos.