Sunday 6 May 2012

GPG 13 Protective Monitoring



What on earth is GPG 13, and how does an organisation achieve GPG 13 compliance? Protective Monitoring, set out in Good Practice Guide 13 (GPG 13), is a strongly recommended UK central government approach that covers the people, business functions and IT solutions needed to improve an enterprise's risk profile.


Fundamentally, a Protective Monitoring solution gives you awareness and knowledge of who is accessing the company's sensitive data.


Implementation of protective monitoring is endorsed by many regulatory and industry best practices, such as PCI DSS, SOX and general cyber security guidance. Even though it is not compulsory for private sector organisations to implement a Protective Monitoring solution, most businesses could well be considered remiss in their duty of care if they do not, given the security controls required to protect third-party data held within their enterprises. It is therefore likely that Protective Monitoring will form part of the IT security and risk controls in most, if not all, enterprises.


Implementation of Good Practice Guide 13 is strongly recommended for all HMG ICT systems, and is in effect mandatory for systems that store high impact level data. The aim of a Protective Monitoring strategy is to ensure a higher level of operational insight, so that organisations fully understand how their IT systems are used or abused by internal or external agents.


There is significant evidence that organisations without a monitoring system take a long time to discover that an internal or external breach has occurred. In fact, for most enterprises it is on average months after a breach has taken place before it is noticed. It is also likely, in 86% of cases, that the discovery will be made by an external party, who then notifies the breached enterprise.

Obviously that is a tremendous risk to the company's reputation, as well as a considerable financial risk if the organisation is under an obligation to employ effective controls. Enterprises without Protective Monitoring put the confidentiality, integrity and availability (CIA) of their IT systems at risk, with further impact on business sustainability and reputation.

The Security Policy Framework, published by the UK Cabinet Office, sets out mandatory standards and offers guidance on risk management, compliance and assurance programmes.

The Security Policy Framework is a publicly available guide that replaces the much less widely distributed Manual of Protective Security and the Counter-Terrorist Protective Security Manual.

Good Practice Guide 13, Protective Monitoring, is mandated by the Security Policy Framework for organisations that process or store high impact data.

Additionally, implementing GPG 13 supports HMG IA Standard No. 1, which is a set of guidelines for completing a Technical Risk Assessment.
GPG 13 is made up of twelve Protective Monitoring Controls (PMCs), each of which is designed to improve an organisation's risk profile.
