NCSC Feed

How certificates should be initially provisioned, and how supporting infrastructure should be securely operated.

In this post I propose that the software development community should work on developing and then standardising security-related libraries that focus on what the developer is trying to achieve.

Advice for Dixons Carphone customers following its data breach.

Even the best authentication can't help you if there is an easy way to bypass it.

David K introduces the concept of cyber resilience, and the benefits it brings.

Remote system administration provides powerful and flexible access to systems and services.

It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond, in the event your service is subjected to an attack.

Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK.

Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.

This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.

...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'

How to limit the effectiveness of tools commonly used by malicious actors.

Advice for customers of Marriott International following the reports of a data breach.

New guidance on implementing MFA to better secure online services

Regardless of the type of phish, you'll still need multiple layers of defence to protect your organisation.

The NCSC's Chief Executive Ciaran Martin outlines why the UK needs a National Cyber Security Centre.

Guidance for risk assessors, and developers of applications which will be run on devices handling OFFICIAL data.

Guidance for those who want to understand and reduce the impact of the ROCA vulnerability.