Cyber resilience: private sector action plan 2018-2020

Plan to develop a common, aligned approach to cyber resilience across the private sector in Scotland, so that all sections of society and business benefit from being digitally safe and secure.


Footnotes

1 http://www.gov.scot/Publications/2015/11/2023

2 https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

3 /policies/cyber-resilience/

4 https://ico.org.uk/for-organisations/data-protection-reform/

5 See: http://www.gov.scot/Topics/Statistics/Browse/Business/Corporate/KeyFacts

6 http://www.gov.scot/Resource/0051/00515583.pdf

7 http://www.nationalcrimeagency.gov.uk/publications/785-the-cyber-threat-to-uk-business/file

8 Businesses with fewer than 10 employees and sole traders – see: http://www.gov.scot/Topics/Statistics/Browse/Business/Corporate/alltables

9 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

10 Ibid.

11 The Cyber Essentials scheme offers a mechanism, endorsed by the National Cyber Security Centre, for organisations to demonstrate to customers, investors, insurers and others that they have adopted five critical network controls to guard against the most common forms of cyber-attack. See: https://www.cyberessentials.ncsc.gov.uk/ for further details.

12 A list of certifying bodies operating in Scotland is available at the SBRC website: https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/trusted-partners/

13 See: /policies/cyber-resilience/cyber-resilience-action-plans/

14 https://www.ncsc.gov.uk/guidance/supply-chain-security

15 Available at /policies/cyber-resilience/cyber-resilience-action-plans/

16 In line with Article 1 (7) of the Directive, the banking and financial market infrastructures sectors within scope of the Directive will be exempt from aspects of the Directive where provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force. Firms and financial market infrastructure within these sectors must continue to adhere to requirements and standards as set by the Bank of England and/or the Financial Conduct Authority.

17 Some operators in this area will already be subject to the new NIS requirements.

18 See: www.gov.scot/cyberresilience

19 See: https://www.scottish-enterprise.com/knowledge-hub/articles/insight/can-do-innovation-challenge-fund

20 See: http://www.sicsa.ac.uk/funding/sicsa-cyber-nexus-industrial-public-sector-fellowships/

21 See, e.g. the Global Cyber Alliance’s free DMARC and Protected DNS (Quad 9) services: https://www.globalcyberalliance.org/initiatives.html

22 Proportionate to the size and resources of the member company.

23 This may, for example, take the form of guidance on “Supplying Scotland’s [Finance/Energy/Pharmaceutical] Sector: Common Core Cyber Resilience Requirements” or “Supplying Scotland’s larger companies: Common Core Cyber Resilience Requirements”.
