
Top Tips for Government Security Leads – Part 1

This article is the first in a three-part series of tips for Government Security Leads. It is intended to provide a brief overview of the most important aspects of fulfilling the role and what pitfalls to avoid.

In our recent blog post, What Every Government Supplier needs to know about the UK Cyber Strategy, we highlighted the need for Government suppliers to be prepared for a rise in security standards. Government projects will not be immune. Projects will need to concentrate more and more on getting security right from the outset. The job of championing security, co-ordinating activities and engaging with the Government accreditation authority will fall to the Security Lead.

The importance of Security Leads to the success of any Government project seeking formal security accreditation is often overlooked or underplayed. Some see the role as being responsible for getting all the boring paperwork needed for accreditation out of the way, or just dealing with the Accreditor so he/she does not become a problem at a later stage. The truth is that the Security Lead should be an integral member of any project team, leading the development of security solutions that best balance the requirement with the underlying risks.

The role can be complex, with multiple customers to satisfy: technical solution engineers, project managers and accreditors, to name just a few. Here at Ascentor we have a lot of experience in performing the duties of a Government Security Lead, including the Security Assurance Co-ordinator (Security Lead) role in MoD, and thought it may be useful to jot down some top tips for those wishing to successfully carry out this role.

Tip 1: Be a team

It doesn’t have to be a single person that delivers everything.

At Ascentor we believe the Security Lead is primarily a facilitator that brings the right skills to the table when they are needed. The Security Lead does not have to be a gifted technical security architect but they do need to know where to get hold of one when required, assign a task and manage that task to resolution. Equally, they may be very technically capable but not have experience in putting together complex accreditation strategies; they should not be afraid to seek advice where necessary.

Above all, the Security Lead is a member of a team that is pulling together to achieve the same goal.

Tip 2: Understand the requirement

The first thing a Security Lead should do is understand what needs to be protected and why.

This does not mean diving straight into a technical risk assessment; it means getting to understand where the requirement came from, how it is intended to be used and who will be involved.

One of the most important aspects is getting to know who owns the information that needs protecting and why it is being given a particular value. It is often the case that the value of the asset has been either grossly over- or under-assessed – it is rarely right first time and often changes tack after some searching questions. The Security Lead must have a complete understanding of the information protection requirements for all three of the security pillars: confidentiality, integrity and availability.

In Part 2 of Top Tips for Government Security Leads we look at the importance of establishing key stakeholders and planning activities with clear lines of communication.

Article by Paddy Keating, Director/Government Service Manager at Ascentor.

For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.
