Publication - Strategy/plan

Cyber resilience: private sector action plan 2018-2020

Published: 25 Jun 2018
Directorate: Safer Communities Directorate
Part of: Business, industry and innovation
ISBN: 9781787810396

Plan to develop a common, aligned approach to cyber resilience across the private sector in Scotland, so that all sections of society and business benefit from being digitally safe and secure.

52 page PDF

940.0 kB

Footnotes

1 http://www.gov.scot/Publications/2015/11/2023

2 https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

3 https://beta.gov.scot/policies/cyber-resilience/

4 https://ico.org.uk/for-organisations/data-protection-reform/

5 See: http://www.gov.scot/Topics/Statistics/Browse/Business/Corporate/KeyFacts

6 http://www.gov.scot/Resource/0051/00515583.pdf

7 http://www.nationalcrimeagency.gov.uk/publications/785-the-cyber-threat-to-uk-business/file

8 Businesses with fewer than 10 employees and sole traders – see: http://www.gov.scot/Topics/Statistics/Browse/Business/Corporate/alltables

9 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

10 Ibid.

11 The Cyber Essentials scheme offers a mechanism, endorsed by the National Cyber Security Centre, for organisations to demonstrate to customers, investors, insurers and others that they have adopted five critical network controls to guard against the most common forms of cyber-attack. See: https://www.cyberessentials.ncsc.gov.uk/ for further details.

12 A list of certifying bodies operating in Scotland is available at the SBRC website: https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/trusted-partners/

13 See: https://beta.gov.scot/policies/cyber-resilience/cyber-resilience-action-plans/

14 https://www.ncsc.gov.uk/guidance/supply-chain-security

15 Available at https://beta.gov.scot/policies/cyber-resilience/cyber-resilience-action-plans/

16 In line with Article 1 (7) of the Directive, the banking and financial market infrastructures sectors within scope of the Directive will be exempt from aspects of the Directive where provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force. Firms and financial market infrastructure within these sectors must continue to adhere to requirements and standards as set by the Bank of England and/or the Financial Conduct Authority.

17 Some operators in this area will already be subject to the new NIS requirements.

18 See: www.gov.scot/cyberresilience

19 See: https://www.scottish-enterprise.com/knowledge-hub/articles/insight/can-do-innovation-challenge-fund

20 See: http://www.sicsa.ac.uk/funding/sicsa-cyber-nexus-industrial-public-sector-fellowships/

21 See, e.g. the Global Cyber Alliance’s free DMARC and Protected DNS (Quad 9) services: https://www.globalcyberalliance.org/initiatives.html

22 Proportionate to the size and resources of the member company.

23 This may, for example, take the form of guidance on “Supplying Scotland’s [Finance/Energy/Pharmaceutical] Sector: Common Core Cyber Resilience Requirements” or “Supplying Scotland’s larger companies: Common Core Cyber Resilience Requirements”.

