Post-quantum cryptography: what comes next?
Post-quantum cryptography: what comes next? This month, a major milestone in post-quantum cryptography (PQC) has been reached: 3 algorithm standards...
NCSC
Business email compromise: new guidance to protect your organisation
Business email compromise: new guidance to protect your organisation Business email compromise (BEC) occurs when a criminal accesses a work...
Machine learning security principles updated
Machine learning security principles updated The NCSC’s ‘Principles for the security of machine learning’ were originally published in August 2022....
Smart devices: new law helps citizens to choose secure products
Smart devices: new law helps citizens to choose secure products From 29 April 2024, manufacturers of consumer ‘smart’ devices must...
Cyber Assessment Framework 3.2
Cyber Assessment Framework 3.2 In the two years since the last version of the NCSC Cyber Assessment Framework (CAF) was...
Interactive administration in the cloud: managing the risks
Interactive administration in the cloud: managing the risks In the NCSC’s cloud platforms guidance (and most recently in our lift...
SCADA ‘in the cloud’: new guidance for OT organisations
SCADA 'in the cloud': new guidance for OT organisations During engagement with industry, the NCSC has noticed a clear shift...
New ‘Connected Places’ infographic published
New 'Connected Places' infographic published It’s been almost 3 years since we released our ‘Connected Places Cyber Security Principles’. Today...
Products on your perimeter considered harmful (until proven otherwise)
Products on your perimeter considered harmful (until proven otherwise) In the earlier days of the internet, a small number of...
Unleashing the power of cloud with containerisation
Unleashing the power of cloud with containerisation One question that the NCSC is often asked, is whether to use containers...
Researching the hard problems in hardware security
Researching the hard problems in hardware security What’s hardware security all about? The CEO of Intel, Pat Gelsinger, recently asked...
New cloud guidance: how to ‘lift and shift’ successfully
New cloud guidance: how to 'lift and shift' successfully Earlier this year, the NCSC published new guidance on ‘Using cloud...
Introducing the guidelines for secure AI
Introducing the guidelines for secure AI Artificial Intelligence (AI) systems have the potential to bring many benefits to society. However,...
An RFC on IoCs – playing our part in international standards
An RFC on IoCs – playing our part in international standards In August 2023, the IETF published the document Indicators...
Migrating to post-quantum cryptography
Migrating to post-quantum cryptography In 2020, the NCSC published a white paper on https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography" target="_self">Preparing for Quantum-Safe Cryptography. This paper...
AIT fraud: what you need to know
AIT fraud: what you need to know The rise in Artificial Inflation of Traffic (AIT) is leaving many businesses out...
Next steps in migrating to post-quantum cryptography
Next steps in migrating to post-quantum cryptography In 2020, the NCSC published a white paper on https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography" target="_self">Preparing for Quantum-Safe...
Our new principles to help make cloud backups more resilient
Our new principles to help make cloud backups more resilient Every month there are press reports of a global organisation...
Building on our history of cryptographic research
Building on our history of cryptographic research Our organisation has a long history of cryptographic research. As the UK national technical authority for...
Ransomware and the cyber crime ecosystem
Ransomware and the cyber crime ecosystem Ransomware has been the biggest development in cyber crime since we published the NCSC’s...
To SOC or not to SOC ?
To SOC or not to SOC ? So, you are implementing a large digital project, and have followed the GOV.UK...
Spotlight on shadow IT
Spotlight on shadow IT ‘Shadow IT’ (also known as ‘grey IT’) is the name given to those unknown IT assets...
New techniques added to the NCSC’s ‘risk management toolbox’
New techniques added to the NCSC’s ‘risk management toolbox’ It has been 5 years since we last updated our risk...
Protecting how you administer cloud services
Protecting how you administer cloud services No matter which cloud service you choose, there are two aspects of your security...
