Brett, Mark (2022) A principles-led approach to information assurance and governance in local government. Cyber Security: A Peer-Reviewed Journal, 5 (4). pp. 361-377. ISSN 2398-5119
This practice-based paper explores a principles-led approach to cyber information governance for local authorities (LAs) in England and Wales, while linking it to a corporate information governance regime to support cyber security and resilience. Over the past 15 years the author has worked with several LA regional cyber security groups known as WARPs (Warning, Advice and Reporting Points). The paper goes on to propose an approach to cyber maturity, offering a novel way to think about the issues, while exploring a number of tools and techniques. This work has used a practice-based approach to help develop usable artefacts for policy readers as well as technical ones. We especially explore the contention between policies and principle-based approaches to information risk management (IRM). The National Cyber Security Centre (NCSC) has recently blogged about a principles-led approach to cyber security. We will consider the move from a policy (rules)-based approach to a principles-based approach around information assurance and risk management, all of which ultimately supports strategic decision making around IRM, information assurance and cyber resilience.