This list will be developed and maintained over time. Please let us know if there is a useful publication/information source that we should reference.
Board and Executive Cyber Security Advice
We support Boards of Directors and business executives in understanding cyber security risk and how it can be reported and managed. We also support CISOs in developing their Board and executive metrics. We recommend the World Economic Forum report “Advancing Cyber Resilience: Principles and Tools for Boards”, which we had the pleasure of being involved with.
Internet of Things
Our overview of the security of the Internet of Things is covered in a chapter in ‘Smart Cards, Tokens, Security and Applications’, published by Springer.
The Procurement Language Guidance aims to support consistent and clear procurement tender development through delivering an effective approach to procurement by industry. The guidance contains a suite of procurement statements that can be incorporated into related documentation. This will enable users to effectively and consistently articulate and implement an industry baseline level of cyber security for the products and services used within their EDS.
The Internet of Things (IoT) is gaining increasing interest in the energy sector, both in the hands of consumers with smart energy-consuming devices and for distributed energy and extensions to established power networks and systems. The IoT Security Foundation is a not-for-profit organisation producing free-to-access security guidance for IoT as well as promoting certification and adoption of secure systems.
Please suggest other standards and guidance to be included.
The framework focuses on using business drivers to guide cyber security activities and considering cyber security risks as part of the organisation’s risk management processes. The framework provides a common organising structure for multiple approaches to cyber security by assembling standards, guidelines, and practices that are working effectively today.
The E3CC chose to use this framework to underpin the periodic risk assessment of UK electricity and gas cyber security, which was last performed in 2017. We also took ideas from the C2M2 maturity work supported by the US Department of Energy.
The Weakest Link: Why Your Employees Might Be Your Biggest Cyber Risk
Cyber security is not just a technical issue. The E3CC facilitator has co-authored a book which explores the psychology of why people make the wrong security decisions and how to motivate and support them in becoming a positive asset for good cyber security. This is available on Amazon in various formats.
Please suggest additional materials.