The goals of the cyber security strategy are to:
- enable organisational wide thematic analysis of cyber security across all Essex County Council domains and operations
- enable ownership of cyber security at tactical and strategic level for operational effectiveness, not limited to cyber resilience
- provide assurance to council stakeholders and Essex citizens that the council’s services are appropriately protected against security threats and that data privacy is safeguarded, from day-to-day civic life, defending democracy, through to regional and national election schedules
- contribute to the basis of the Essex Digital Strategy that will deliver the appropriate security controls to enable the Everyone’s Essex strategy
The strategy is intended to cover all the council’s digital services systems and council data held within them, including cloud services and those hosted privately by delivery partners, not limited to:
- threat actor observations
- threat intelligence assessments
- identity and access management
- employee awareness and training
- security configuration
- network security
- incident response
- data security
This strategy is intended to promote operational effectiveness by adhering to applicable HM Government frameworks.
All goals will be aligned to the Essex Digital Strategy which considers best practice frameworks such as, but not limited to:
- ISO 27001
- Local Government Cyber Assessment Framework (LG CAF)
- Cyber Essentials
- Payment Card Industry Data Security Standard (PCI-DSS)
This makes sure a robust methodology is applied that follows industry guidelines.
