New guidance to support UK construction projects has been jointly published between the NCSC, CPNI and BEIS.
The National Cyber Security Centre has today issued an Information Security Best Practice guide which aims to help construction firms keep sensitive data safe from attackers by offering advice on how to securely handle the data they create, store and share in joint venture projects.
The document sets out why information security matters for joint ventures and offers a recommended approach to take to manage the risks, including:
- Establishing information security governance and accountability within the joint venture and ensuring board-level engagement
- Identifying staff to hold responsibility for assessing specific information security risks and developing a shared information security strategy
- Understanding the specific risks and any regulatory requirements for the joint venture, and deciding on a shared risk appetite
- Developing and agreeing on a shared information security strategy to manage and mitigate the risks holistically, including physical, personnel and cyber risks.
Globally, the construction industry continues to be one of the most targeted sectors by online attackers and businesses of all sizes are at risk.
Earlier this year, the National Cyber Security Centre published cyber security guidance with the Chartered Institute of Building aimed at helping small and medium-sized businesses improve their resilience. Other NCSC resources aimed at helping organisations manage cyber security risks include the Board Toolkit, to facilitate essential conversations between board members and their technical experts, and the Exercise in a Box toolkit which helps organisations to test their incident response plans in a safe environment.
Original Article by CEF
