The National Cyber Security Centre (NCSC) is a part of the UK’s Government Communications Headquarters (GCHQ). If you are like me, you may have only heard about GCHQ in an unflattering context, that of working with US intelligence agencies to spy on foreign heads of state and hack foreign agencies.
As a UK intelligence organization, GCHQ seeks to keep the UK’s citizens safe. Through the NCSC, it provides advice on cyber security.
I am going to reference two pieces of NCSC guidance. The first is great and the second terrible.
In December 2017, the NCSC published The fundamentals of risk.
Here are some excellent insights from that publication:
- Risk management exists to help us to create plans for the future in a deliberate, responsible and ethical manner.
- The purpose of risk management is to enable us to make the best possible decisions, based on our analysis of future events and outcomes. The future can be anticipated, but within limits defined by our uncertainty in our analysis.
- This requires risk managers to explore what could go right or wrong in an organisation, a project or a service, and recognising that we can never fully know the future as we try to improve our prospects.
- Risk management is about analysing our options and their future consequences, and presenting that information in an understandable,…