Guidance

Designing your connected place to be resilient

Updated 10 July 2023

This was published under the 2019 to 2022 Johnson Conservative government

The following guidance sets out how you can design your connected place to be resilient against cyber attacks or other security events such as component failures, or administrative errors or information disruption, misuse or loss.

This guidance is relevant to:

  • Connected places project leaders/managers
  • Cyber security leads
  • IT professionals
  • Information managers, processors and users

Risk Management Guidance

Owner: National Cyber Security Centre

About this guidance: This guidance aims to help connected places project leaders/managers, IT professionals and cyber security leads make decisions about cyber security risk. It outlines the fundamentals of risk management, and describes techniques you can use to manage cyber security risks.


Secure Design Principles

Owner: National Cyber Security Centre

About this guidance: These principles are intended to help IT professionals and cyber security leads ensure that the systems which underpin your connected place are designed and built securely from the outset.


Denial of Services Guidance

Owner: National Cyber Security Centre

About this guidance: This guidance aims to help connected places project leaders/managers, IT professionals and cyber security leads understand and mitigate Denial of Service (DoS) attacks against your organisation.


Mitigating Malware and Ransomware Attacks

Owner: National Cyber Security Centre

About this guidance: This guidance outlines the actions connected places project leaders/managers, IT professionals and cyber security leads can take to help your organisation prevent malware or ransomware infections and steps to take if you’re already infected.


Personnel Security Maturity Model

Owner: Centre for the Protection of National Infrastructure

About this guidance: This guidance provides an overview of CPNI’s personnel security maturity model which has been designed to assess an organisation’s personnel security maturity. You can use this to assess organisations in your supply chain.


Managing the Risk of Cloud-Enabled Products

Owner: National Cyber Security Centre

About this guidance: This guidance provides connected places project leaders/managers, IT professionals and cyber security leads with an understanding of the risks of locally installed products interacting with cloud services, and provides suggestions to help you manage this risk for your organisation.


Secure Development and Deployment Guidance

Owner: National Cyber Security Centre

About this guidance: This guidance provides 8 principles to help IT professionals and cyber security leads improve and evaluate your software and systems development practices, and those of your suppliers.