Top Tips for Government Security Leads – Part 1

This article is the first in a three-part series of tips for Government Security Leads. It is intended to provide a brief overview of the most important aspects of fulfilling the role and what pitfalls to avoid.

In our recent blog post, What Every Government Supplier needs to know about the UK Cyber Strategy, we highlighted the need for Government suppliers to be prepared for a rise in security standards. Government projects will not be immune. Projects will need to concentrate more and more on getting security right from the outset. The job of championing security, co-ordinating activities and engaging with the Government accreditation authority will fall to the Security Lead.

The importance of Security Leads to the success of any Government project seeking formal security accreditation is often overlooked or underplayed. Some see the role as having responsibility for getting all the boring paperwork needed for accreditation out of the way, or just dealing with the Accreditor so he/she does not become a problem at a later stage. The truth is that the Security Lead should be an integral member of any project team, leading the development of security solutions that best balance the requirement with the underlying risks.

The role can be complex, with multiple customers to satisfy: technical solution engineers, project managers and accreditors, to name just a few. Here at Ascentor we have a lot of experience in performing the duties of a Government Security Lead, including the Security Assurance Co-ordinator (Security Lead) role in MoD, and thought it may be useful to jot down some top tips for those wishing to successfully carry out this role.

Tip 1: Be a team

It doesn’t have to be a single person that delivers everything.

At Ascentor we believe the Security Lead is primarily a facilitator that brings the right skills to the table when they are needed. The Security Lead does not have to be a gifted technical security architect but they do need to know where to get hold of one when required, assign a task and manage that task to resolution. Equally, they may be very technically capable but not have experience in putting together complex accreditation strategies; they should not be afraid to seek advice where necessary.

Above all, the Security Lead is a member of a team that is pulling together to achieve the same goal.

Tip 2: Understand the requirement

The first thing a Security Lead should do is understand what needs to be protected and why.

This does not mean diving straight into a technical risk assessment; it means getting to understand where the requirement came from, how it is intended to be used and who will be involved.

One of the most important aspects is getting to know who owns the information that needs protecting and why it is being given a particular value. It is often the case that the value of the asset has been either grossly over- or under-assessed – it is rarely right first time and often changes tack after some searching questions. The Security Lead must have a complete understanding of the information protection requirements for all three of the security pillars: confidentiality, integrity and availability.

In Part 2 of Top Tips for Government Security Leads we look at the importance of establishing key stakeholders and planning activities with clear lines of communication.

Article by Paddy Keating, Director/Government Service Manager at Ascentor.

6 thoughts on “Top Tips for Government Security Leads – Part 1”

  1. Paul Gittins says:

    Professional looking site guys, well done. Like the idea of the security articles. What seems like “expert statements of the blindingly obvious” to us is not, as your tips allude to, understood by those outside the security industry – especially I would say senior military officers involved in the procurement process.

    • Paddy Keating says:

      Thanks for your comments Paul. It is always nice to get some positive feedback. As you say, the tips are not really there to help already established security personnel but to give an insight into the role for others that may be involved on the periphery.
