  • Winsafe Limited

    Helping clients separate benefit from risk.

    Winsafe was founded in 1986 after a buyout of the technology assessment of the National Computing Centre. The mission of Winsafe was, and is, to help clients separate benefit from risk with regard to the use and exploitation of new technologies in general and digital information and communications technologies, content and services in particular.

    Clients are typically investors, finance directors or decision takers requiring an objective third-party appraisal as to whether a business or market opportunity, product, service or policy proposal merits their serious consideration and/or support.

    Regular clients in the past have included the National Computing Centre, The High Tech Unit of Barclays Bank, The Parliamentary IT Committee, the European Informatics Market and Reed Elsevier.

    Members of the Winsafe consultant panel operate to strict codes of impartiality and have given evidence to and/or been retained as specialist advisors to select committees, government departments and ministers.

    Enquiries should be sent to virgo.philip@outlook.com

  • UK Cyber Policing, Safety and Security Structures – May 2022

    Introduction

    This is an update to the blog I produced last year after summarising DCMS 2021 Data Breaches, Skills and State of the UK Cyber Security Sector reports. The 2022 Data Breaches (and Educational Breaches Annex) and Cyber Security Sector Reports are now available.

    These indicate an increasing number of initiatives but little progress in reducing the cost of crime or bridging the skills gaps. Moreover, most businesses are still unaware of the new policing structures.

    What has changed is a growing awareness of the need to help employers make sense of the initiatives and to measure their effectiveness. That has, however, yet to be translated into action and/or metrics – whether we are talking of initiatives to improve awareness, provide guidance that will be acted on or improve the supply of trainees to whom employers are willing to provide work experience and/or hire.

    Last year the expectation was that updates would not be needed after the launch of the Cybersecurity Council. That is now operational but its resources look likely to be fully committed to agreeing standards and pathways for accredited and certified professionals.

    It will be some time before it has the resource to meet expectations for “outreach” activities, such as putting UK cyber skills initiatives into the “applications context” of improving on-line safety, addressing counter-fraud and meeting regulatory requirements (from GDPR and PCI-DSS to DORA and Telecoms Security).

    Meanwhile there is also a need to make and publicise the case for business and employers of all sizes, including public sector users, to work in partnership with law enforcement, including via the new Cyber Resilience Centres and their trusted partner programmes, to help safeguard their employees (and their families) as well as those in their supply chains, let alone their own operations. Without such co-operation law enforcement will never have more than a fraction of the resources necessary.

    The objective is to summarise and provide links to more detailed information on:

    1. The current state of play of the evolving law enforcement structures – including cyber, counter-fraud, on-line safety, product safety, reporting, guidance and co-operation.
    2. Sources of authoritative guidance on topics of concern to users (business, schools, charities etc.) and the public (including as victims, parents or carers).
    3. Analyses of the current state of supply and demand, and information to help employers identify which programmes are likely to be relevant to their needs.

    The structure is as follows:

    1. Background: the changing challenges and opportunities.
    2. Law Enforcement Structures
      1. National (NCSC, NPCC, Action Fraud, BRIM etc.) 
      2. Regional (ROCUs, CRCs etc.)
      3. Local (including down to SNTs, SNPs and Neighbourhood Watch)
      4. Notification and Reporting (incident and intelligence not just “crime”)
      5. Law Enforcement Guidance and Crime Prevention programmes
    3. Guidance (including from Banks, Charities etc.)
      1. Cyber: including Data Protection, Extortion etc.
      2. Fraud: including Payment, Employment, Product etc.
      3. On-line safety
      4. Safeguarding – Adults as well as Children  
    4. Current State of Supply and Demand
      1. Professional
      2. Technician
      3. Applications
      4. User
    5. National, Regional and Local Programmes
    6. Appendices
      1. Qualifications and How to Check them

    Sections to be inserted as drafted

    1. Background: the changing challenges and opportunities.
    2. Law Enforcement Structures
      1. National (NCSC, NPCC, Action Fraud, BRIM etc.) 
      2. Regional (ROCUs, CRCs etc.)
      3. Local (including down to SNTs, SNPs and Neighbourhood Watch)
      4. Notification and Reporting (incident and intelligence not just “crime”)
      5. Law Enforcement Guidance and Crime Prevention programmes
    3. Guidance (including from Banks, Charities etc.)
      1. Cyber: including Data Protection, Extortion etc.
      2. Fraud: including Payment, Employment, Product etc.
      3. On-line safety
      4. Safeguarding – Adults as well as Children  
    4. Current State of Supply and Demand
      1. Professional
      2. Technician
      3. Applications
      4. User
    5. National, Regional and Local Programmes
    6. Appendices
      1. Qualifications and How to Check them

    Digital Forensics

    Cyber Threat Intelligence

    Cyber Security Generalist

    Cyber Security Management

    Incident Response

    Network Monitoring and Intrusion Detection

    Vulnerability Management

    Security Testing

    Cryptography and Comms Security

    Secure Operations

    Identity & Access Management

    Secure System Architecture & Design

    Cyber Security Audit & Assurance

    Data Protection & Privacy

    Secure System Development

    Cyber Security Governance & Risk Management

    (including how to check claims of accreditation by individuals and training providers)