The most effective way for an organisation to protect itself against national security threats is to use a combination of physical, personnel and people, and cyber security measures. For example an expensive swipe-card and PIN access control system is of little use if there are inadequate checks on who is given a pass in the first place. It will also fail if the system can be remotely accessed or bypassed.
CPNI’s protective security advice to the organisations that deliver the UK’s essential services is based on this principle. Multi-layering the different measures will provide the best mixture of deterrence and detection, and help to delay any attack.
More information about the range of advice from CPNI and partners is available on the website.
Appropriate and proportionate
Any procedures, measures and investments put in place must be appropriate and proportionate for that specific situation. Every location, even within the same organisation, will be different and so the security requirements will change accordingly with locally identified threats and vulnerabilities. Implementing the wrong measures may prove costly, unnecessarily disruptive and may even alienate staff. Careful planning and specialist advice will always be necessary.