Cyber & Information Security Operations provides services to minimise risk on national solutions during live operations. This includes proposing secure solutions and mitigations to reduce risk, borne out of change.
How it works
The service involves working with other service support colleagues, to lead, define and document the security artefacts required to maintain assurance of national solutions.
Monitoring of the security controls of live operations, ensures stakeholders are held accountable for the protection of confidentiality, integrity and availability of the data within national systems and services.
Benefits
- Enhanced cyber resilience through proactive security management through live running.
- Enabling ongoing security management through the lifecycle of a solution, enabling assurance to be maintained and risks reduced.
- Enabling and supporting key cyber incident and resilience strategies. For example, the National Policing Cyber Security Strategy enabling policing to ‘Defend as One’.
- Regulatory compliance with national and policing standards.
- Flexible support model to meet changing bespoke solution requirements.
|
|
 |
Additional services
Additional capacity for this service available to local forces (chargeable).
Learn more about member benefits on our dedicated Members page.
What we need
- Security artefacts/documentation that outlines requirements during live running, produced during delivery.
- Transition Plan completion to enable build of service model.
- Current residual risk register and any identified risk treatments.
- Current security policies and governance frameworks.
- System architecture and technical documentation.
- Collaboration and participation in security working groups and access to relevant stakeholders.
What you get
- Early assessment and identification of security risk associated with live running of services to Policing.
- A structured and chaired Security Working Group, to enable discussion on change and risk reduction activities.
- Advice on best practice for the management of assets in line with National policy.
- IT Health Check and Penetration Test scoping, with supported remediation plan creation, aligned to risk reporting.
- Implementation of tailored and bespoke training and awareness campaigns.
- Contextualisation of threat intelligence across platforms and applications, received from the Police Digital Service’s National Management Centre. Providing context and robust recommendations for mitigation and resolutions.
- Identification and build of mechanisms to identify security incidents or seamless integration to existing services/alerts, enabling events or incidents to be reported effectively and responded to.
- Developing and implementing effective policies and procedures to maintain security mitigations.
- Expert guidance across all security domains.
- Recommendations for risk mitigation and control improvements.
- Advice on governance and process gaps aiming to improve overall security posture.
Use cases
PDS significantly enhanced the security controls maturity within the National Police Capabilities Environment (NPCE), reducing risk by collaborating with ICT to implement consistent processes for critical security elements, that stand up to robust scrutiny.
The Police Digital Service identified key risk areas and rationalised the appropriate treatments, to focus on the most effective outcomes through the national Security Working Group.
Previously high risk areas including consistent management of user access, service account governance and logging of tooling and attributes now operate under newly standardised controls, that are regularly reviewed for control effectiveness.
This strategic improvement, has embedded security directly into operational discipline. This ensures consistency, simplifies future compliance audits and has established a scalable foundation for long term security management.
