UK cyber security community

• BETHESDA, Md., Sept. 24, 2019 /PRNewswire/ --SANS Institute, the global leader in cyber security training and certifications, today announced SANS San Francisco Winter 2019 (#SANSSanFrancisco) taking place December 2-7 in California.
• Course topics include digital forensics and incident response, cyber defense, ethical hacking, cyber threat intelligence, security management, secure development, audit, and ICS security.
• SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide.
• Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online.

• BETHESDA, Md., July 31, 2019 /PRNewswire/ --SANS Institute, the global leader in cyber security training and certifications, today announced the agenda for SANS Seattle Fall 2019 (#SANSSeattle) taking place October 14-19 in Washington state.
• SANS Seattle Fall 2019 features course covering cyber defense, secure DevOps, ethical hacking, penetration testing, and security management.
• SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide.
• Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online.

Report summary

• To counter this threat, and continue to support the UKs digital government and economy, since 2011 the Cabinet Office (the Department) has managed two, five-year national cyber security strategies.
• The Department is beginning to make progress in meeting the strategic outcomes of the current, 20162021 National Cyber Security Strategy after a poor start.

Chair's comments

• As it currently stands, the Strategy is not supported by the robust evidence the Department needs to make informed decisions and accurately measure progress.
• On top of this, neither the Strategy or the Programme were grounded in business cases despite being allocated 1.9bn funding.

Conclusions and recommendations

• Recommendation: The Department should ensure another long-term coordinated approach to cyber security is put in place well in advance of the current Strategy finishing in March 2021.
  • The Department cannot justify how its approach to cyber security is delivering value for money.
• Recommendation: The Department should ensure that, to support any follow on, long-term and coordinated approach to cyber security, it produces a properly costed business case.
  • The Department lacks the robust evidence base it needs to make informed decisions about cyber security.
• Recommendation: The Department should write to the Committee by November 2019 setting out what progress it is making in using evidence-based decisions in prioritising cyber security work. This should include plans for undertaking a robust ‘lessons learnt’ exercise to capture all relevant evidence from the current Strategy and Programme to support any future approach to cyber security.
  • The Department has not been clear what the Strategy will actually deliver by 2021.
• Recommendation: When the Department publishes its costed plan in autumn 2019 for its future approach to cyber security it should also set out what the existing Strategy and Programme should deliver by March 2021, and the risks around those areas where it will not meet its strategic outcomes and objectives.
  • Government has not yet done enough to enhance cyber security throughout the economy and better protect consumers.

Report summary

• To counter this threat, and continue to support the UKs digital government and economy, since 2011 the Cabinet Office (the Department) has managed two, five-year national cyber security strategies.
• The Department is beginning to make progress in meeting the strategic outcomes of the current, 20162021 National Cyber Security Strategy after a poor start.

Chair's comments

• As it currently stands, the Strategy is not supported by the robust evidence the Department needs to make informed decisions and accurately measure progress.
• On top of this, neither the Strategy or the Programme were grounded in business cases despite being allocated 1.9bn funding.

Conclusions and recommendations

• Recommendation: The Department should ensure another long-term coordinated approach to cyber security is put in place well in advance of the current Strategy finishing in March 2021.
  • The Department cannot justify how its approach to cyber security is delivering value for money.
• Recommendation: The Department should ensure that, to support any follow on, long-term and coordinated approach to cyber security, it produces a properly costed business case.
  • The Department lacks the robust evidence base it needs to make informed decisions about cyber security.
• Recommendation: The Department should write to the Committee by November 2019 setting out what progress it is making in using evidence-based decisions in prioritising cyber security work. This should include plans for undertaking a robust ‘lessons learnt’ exercise to capture all relevant evidence from the current Strategy and Programme to support any future approach to cyber security.
  • The Department has not been clear what the Strategy will actually deliver by 2021.
• Recommendation: When the Department publishes its costed plan in autumn 2019 for its future approach to cyber security it should also set out what the existing Strategy and Programme should deliver by March 2021, and the risks around those areas where it will not meet its strategic outcomes and objectives.
  • Government has not yet done enough to enhance cyber security throughout the economy and better protect consumers.