Information and Cyber Security

This section on information and cyber security provides our initial documents to support the information security programme, along with advice and support around cyber security.

Data Protection often looks at the security and legalities of personal data, whereas information security looks at more practical steps to secure all data in your organisation. In reality, the two things are intrinsically linked, and the DPE data protection framework utilised many approaches from information security frameworks.

The documents include:
  • Cyber Essentials Guidance
  • Business Continuity Template
  • Information Security Policy
  • Physical Security Policy
  • Changing IT Provider Considerations
Whilst Cyber Essentials is a recommended framework, you may find it is not right for you. However, the areas it covers are those that your organisation needs to pay attention to, so it is worth reviewing.

For a complete Information Security programme, other resources and tools are necessary, as well as strategic coordination with your information technology and facilities specialists. However, it is important to remember that accountability and governance are the responsibility of leadership, and practical security and data protection are everyone's responsibility.

Other policies and tools should be used as part of your information security programme, and these are also an important part of a data protection programme. These include:
  • Clear desk policies
  • Record of processing (supplier, systems and hardware due diligence)
  • Retention schedules
  • Records management
  • Risk management
  • Bring your own device
  • Acceptable use
  • Password Management
  • User Access Control
  • etc.
Nothing should be taken in isolation. These tools and resources all work together.

Risk assessment is a key factor in information governance. We have therefore provided a new e-learning module on risk assessment.

How can we prevent a cyber attack from phishing?

What does cyber mean?

What is a vulnerability?

What is cloud computing?

What is malware?

What is MFA? (Multi Factor Authentication)

What is Phishing?

What is the dark web vs deep web?

What is the difference between a virus and anti-virus software?

What should we do in the event of a cyber attack?
