UK National Cyber Security Centre

Assessing the cyber security threat to UK Universities

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices.

How charities can erase personal data from donated laptops, phones and tablets, before passing them on.

Focused on automating UEFI firmware updates on Windows devices.

A structured look at what data to collect for security purposes and when to collect it.

The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design – and hopes to encourage more cyber defenders to engage with international standards.

Sara Ward, the CEO of Black Country Women’s Aid, discusses her organisation’s experience of gaining Cyber Essentials Plus certification.

Henry O discusses the pitfalls of performing a basic ‘lift and shift’ cloud migration.

Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.

Ian Levy, the NCSC’s departing Technical Director, discusses life, the universe, and everything.

NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK’s telecoms networks are secure – regardless of the vendors used.

Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles

The NCSC’s e-learning package ‘Top Tips For Staff’ can be completed online, or built into your own training platform.

A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’.

Managing the cyber security of high profile events in the real and virtual worlds.

Implementing asset management for good cyber security.

Guidance for organisations that use, own, or operate an online service who are looking to start securing it.

An architecture pattern for safely importing data into a system from an external source.

The following tips can help organisations create their own cyber incident response exercises.

Check that you’re talking to a genuine NCSC employee, and not a criminal.

This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.

How to implement a secure end-to-end data export solution

How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.

A brief guide to MIKEY-SAKKE, a protocol that allows organisations to provide secure communications with end-to-end encryption.

Advice and recommendations for mitigating this type of insider behaviour.

How to avoid malware sent using scam ‘missed parcel’ SMS messages, and what to do if your phone is already infected.

Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles.

This guidance is aimed at service owners and security specialists involved in the provision of online services.

Why macros are a threat, and the approaches you can take to protect your systems.

An update on the work to make Principles Based Assurance (PBA) usable in practice.