white MTI logo

Cyber Resilience Framework for Scottish Public Bodies

Cyber Resilience Framework for Scottish Public Bodies

white MTI logo
The Scottish Government wants to establish Scotland as a world-leading nation in cyber resilience by developing a framework by the end of June 2018 promoting common, effective and risk based approach to cyber resilience across Scottish public bodies

Public Sector Action Plan

In advance of this they have set out a Public Sector Action Plan to help Scottish Public bodies take an initial, significant step towards establishing that wider culture of cyber resilience in Scotland.

As a certified member of the Scottish Business Resilience Centre, a certified CREST provider and a cyber security specialist, MTI see the value and importance of this upcoming framework and the steps contained in the action plan are familiar areas of focus for us.

We’ve reviewed the action plan and summarised the key actions required by Scottish public bodies;

Key Action: Governance – by end June 2018

Scottish public bodies will need to demonstrate cyber risk governance arrangements, by end June 2018 that specify Board/Senior Management commitment to managing the risks arising from the cyber threat. This includes a nominated board/senior manager responsible for cyber resilience and regular board / senior management consideration for cyber security and resilience.

Key Action: Cyber Security Information Sharing Partnership (CiSP) – by end June 2018

To promote greater awareness of cyber threat intelligence across the Scottish public sector, the Scottish Government will encourage Scottish public bodies that are responsible for managing their own networks to become active participants in the Cyber Security Information Sharing Partnership (CiSP) by end June 2018.

Key Action: Cyber Essentials Scheme Participation – by end Oct 2018

The guidelines recommend that Scottish Public bodies have in place appropriate independent assurance that critical technical controls are in place to protect against the most common internet-borne threats by end October 2018. They recommend the Cyber Essentials certification scheme, as it is widely recognised (inc the NCSC), comprehensive and accessible. There is dedicated funding available to support bodies during the pre-assessment phase (up-to £1000)

Key Action: Active Cyber Defence (ACD) Programme – by end June 2018

Scottish public bodies are encouraged to be aware of, and implement appropriately, services available under the National Cyber Security Centre’s Active Cyber Defence (ACD) Programme by end June 2018. There are 4 main focus areas under this programme; Protected DNS, DMARC anti-spoofing, Web & network security and phishing and malware protection.

Key Action: Training and Awareness – by end June 2018

The Scottish Government will seek assurances from Scottish public bodies that they have in place appropriate staff training, awareness-raising and disciplinary processes with regard to cyber resilience for staff at all organisational levels. Initially, staff should be supported by relevant documentation this should in place by end June 2018, but in the medium term, the aspiration is to develop e-learning and interactive toolkits to support this initiative.

Key Action: Incident response – by end June 2018

The Scottish Government will work with the NCSC, Police Scotland and other key partners to ensure that Scottish public bodies have cyber incident response policies and processes in place, and that these can integrate with robust, clear, central cyber incident notification and coordination protocols by end June 2018.

Key Action: Monitoring and Evaluation – by end June 2018

As part of this action plan, the Scottish Government seek an effective monitoring and evaluation framework to help assess progress against this action plan and will request all Scottish public bodies provide one-off written updates, setting out progress on implementing key actions included in this action plan. The first round of requests will be by the end of June 2018.

Pen Testing

Penetration testing proactively assesses not only the IT equipment such as servers, work stations, mobile devices, web applications and network design but also the working practices of IT staff and users to identify any vulnerabilities or weaknesses.

Cyber Essentials

MTI provides a Cyber Essentials Scheme assessment service with everything you need to achieve CREST accredited Cyber Essentials Plus certification.

Professional Services

MTI offers professional services that guide your organisation through the most challenging IT projects. With over 20 years experience in helping our customers design, implement and maintain IT infrastructure, we can make sure that your organisation realises the greatest value from your investment in new technology.

Consultancy Services

The MTI Security Services portfolio covers the complete spectrum of security consulting to include ISO 27001GDPR and general security advice.


Image of the Check logo
Image of the Crest logo
image of ISO 17025 logo
UKAS testing logo

MTI Security partners

image of the ca logo
image of the cyberark logo
image of the forcepoint logo
image of the gemalto logo
image of the mobile iron logo
image of the paloato logo
image of the Watchguard logo
image of the splunk logo
image of the trend micro logo
Image of the Varonis logo
Image of the vmware logo