Research Dimensions

Controlling Risks Through Technology and Processes

Effective and widespread use of cyber security technology, such as firewalls and anti-virus software, is essential to protect individuals, organisations and national infrastructure. We are therefore examining and measuring best practice in the use of technology and associated business processes, and looking at how to ensure good uptake of products.

Views vary as to what best practice is in the use of security products. This dimension will therefore take an independent look at best practice to determine what results in the most effective cyber security. As well as being used appropriately, security products need to be widely adopted. We will be examining how the user-friendliness of design affects uptake, and which configurations of security features are optimal to deploy on devices at the time of purchase.

An important consideration regarding uptake is that one cost of security is inconvenience, and this must not outweigh the advantages of the information economy. It is not necessary for everyone to have top-level security – governments’ needs are very different from those of the general public. In considering how to encourage greater use of products, we must consider the appropriate security posture for a particular situation.

Business processes around security are also vital, but it is not enough for organisations simply to have a tick-box culture of compliance and training. It is important for them to think about the particular threats to their business and how to react to them. We will try to measure whether organisations have moved to a culture where they are genuinely conscious of, and keen to reduce, the risks from cyber attack.

As well as looking at protection from cyber attacks, we will also examine the tools, structures and processes to help clear up after a security breach and minimise damage. We will be considering which sorts of organisational structure are most effective, and how to protect nations without such a facility, for instance by sharing in regional provision.

Throughout the different strands to this dimension, we will be seeking out projects that are being conducted across the world to help our research, and comparing their success. We will consider whether national initiatives are more or less effective than transnational ones, or whether regional activities would produce better results. We will also examine whether it is better to have various international forums to work on these areas, or if it would be more effective to combine them. The results should allow countries to see what really works in this area, and where there are gaps in their knowledge and approach.

This dimension is co-chaired by Professor Michael Goldsmith, Senior Research Fellow at the Department of Computer Science, University of Oxford, and Professor Chris Mitchell, Professor of Computer Science at Royal Holloway, University of London.