10 Oct 2023
by Torsten George

Strengthening your compliance and security posture for government

Guest blog by Torsten George, Cybersecurity Evangelist at Absolute #techUKCyber2023

Serving the public requires that government agencies handle and store a vast amount of information on private citizens. Every piece of this data has value—both to cybercriminals, who may use it for fraud or other malicious purposes, and to the public sector organizations that need it to function.

Government agencies must keep security front and center while navigating a minefield of targeted attacks and other malicious activity. As is often the case in the public sector, effectively protecting data, users, and devices involves implementing a comprehensive compliance strategy. For government agencies, there are a variety of regulations and security frameworks ranging from HIPAA to FISMA to NIST SP 800-53 that set the requirements for how IT assets and data must be protected. 

In our latest compliance white paper, we look at these and other regulations and industry standards driving cybersecurity efforts in the public sector. 

Security and compliance requirements are wedded together. The regulations establish the overall baseline that security protections must meet. For government organizations, several challenges are front and center, including controlling off-network devices, securing remote employees and their data, and assessing risk. Access controls, encryption, and endpoint management are critical capabilities that enable government agencies to meet these challenges. Regulatory mandates and industry standards tell organizations what they need to home in on and protect, what counts as sensitive data, and the level of controls that must be implemented to secure it and users’ devices.

As always, organizations must know what regulations apply to them and use that information to help shape spending and strategic priorities. Some agencies may have multiple regulations to comply with, which complicates meeting those mandates. Ongoing compliance management requires more than just the occasional checkup; it means monitoring your endpoints and environment to detect and remediate any issues before they can be exploited or uncovered in a formal audit. Understanding compliance requirements is a necessary element of understanding risk. When it comes to protecting sensitive data, the threat is not only the possibility of a data breach—failing to comply with required standards can also result in fines and other penalties.

With sensitive data on so many devices, government agencies need to focus on issues such as asset intelligence, automated endpoint hygiene, and continuous compliance monitoring on all their endpoints. To read more about the marriage of compliance and cybersecurity for government organizations, download our white paper on the public sector here. For a general look at compliance and cybersecurity and how organizations can take a risk-based approach to compliance, download our main report.

You can find the original blog here



techUK’s Cyber Security Week 2023 #techUKCyber2023

The Cyber Programme team are delighted to be hosting our annual Cyber Security Week between 9-13 October.


Authors

Torsten George

Cybersecurity Evangelist, Absolute

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations to stay resilient in the face of growing and ever-changing cyber threats. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 25 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify Corporation, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).