The Communications Electronics Security Group (CESG) is the National Technical Authority for Information Assurance within UK Government (GCHQ). CESG advice is published in Good Practice Guides (GPG) designed to help organisations manage risk effectively.
Some of the Good Practice Guides that have received recent attention are:
- GPG number 6, which provides guidance on managing the risks of offshoring.
- GPG number 8, which focuses on protecting external connections to the Internet.
- GPG number 10, which addresses the risks of remote working.
- GPG number 12, which provides guidance on managing the security risks of virtualisation for data separation.
- GPG number 18, which describes principles for security forensics.
- GPG number 13, which describes a framework for addressing risks to government systems and includes protective monitoring controls for collecting information and communications technology (ICT) log information and for configuring ICT logs so that they produce an audit trail. GPG number 13 forms part of the Code of Connection (CoCo), a prescriptive technical standard that public-sector organisations must meet in order to gain access to the UK Government Connect Secure Extranet. The same CoCo system is used by Highways England (HE) to protect its National Roads Telecommunication Service (NRTS) – a nationwide data network providing connectivity for HE’s operational systems.
In practical terms, the GPG13 standard describes twelve Protective Monitoring Controls. IT4A accommodates some of these controls through its Network Monitoring services. IT4A’s Security Information and Event Management (SIEM) system automates many elements of network monitoring; it also underpins advanced Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) as they emerge. IDS and IPS are not currently commonplace within automation system networks.
IT4A believes its approach to SIEM-based monitoring provides robust monitoring of all managed network assets. We ensure that operational issues relating to path, component or network node failure are picked up, along with security-related issues generated by firewalls and authentication failures.
Our dedicated tools perform 24/7 network monitoring, continuously interrogating live networks for the current status and the appearance of:
- Equipment failures or conditions for failure
- Link and service failures
- High utilisation (bandwidth, processing power etc.)
- Communication errors
- Security policy violations (breaches) and intrusion detections
- Custom and implementation-specific events