A borough council achieves PSN and PCI compliance with Six Degrees’ Managed Security Services.
Every UK Local Authority must meet a minimum level of detailed security alert logging and monitoring for business critical systems in order to meet the Good Practice Guide Protective Monitoring standards, known as GPG 13. Although no longer mandatory, GPG 13 still provides an excellent benchmark for an organisation to determine their security logging and monitoring requirements. These specific requirements form part of PSN compliance, giving councils controlled access to internet content and shared services.
How can we help you?
Get in touch today and we can discuss how we can enable your company to be brilliant.
However, getting alert monitoring and analysis right is a challenge for many resource-strapped local authorities. Too little focus can quickly result in non-compliance, but with a growing number of systems to monitor, it is all too easy for security teams to become overwhelmed with alerts – many of which may be irrelevant. This can have the effect of distracting security professionals from addressing issues that pose a real risk.
Utilising Six Degrees’ Managed Security Services has helped the borough council to establish a clear process for linking access to system components, especially access provided through administrative privileges such as root, to each individual user. The security team now has access to audit trails for all system components with synchronised critical system clocks and timestamps, securing this data so that it cannot be altered.