There was an enthusiastic response from BCS members to an invitation from the Department for Science, Innovation and Technology to present details on two recently introduced Codes of Practice on Software Security and Cyber Governance. Together, they mark a significant step in strengthening the UK’s approach to software and cyber resilience.
Almost 100 people joined a webinar featuring guest speakers from DSIT and the National Cyber Security Centre.
The Codes of Practice are the result of collaboration between government, industry, and security experts, including input from BCS members to calls for evidence and consultations.
Feedback
The DSIT guest speakers delivered two presentations that included questions for the audience. They also invited the audience to share their own concerns and views in the webinar chat about the Codes of Practice.
Claire Penketh, Senior Policy and Public Affairs Manager at BCS, chaired the webinar with James Woodward, Director of Communications, fielding the audience's questions.
On Cyber Governance, DSIT posed these questions to the audience:
- Would your organisation sign up to the Cyber Governance Pledge?
- How do you think the government can most effectively drive uptake of the Cyber Governance Code?
- Would it be useful to have a self-assessment form which companies could either give to their suppliers to fill in or bake into existing processes, so they determine the extent of their adherence to the Cyber Governance Code?
And on Software Security, the guest speakers asked the following:
- Are there any principles and/or controls that you consider particularly challenging?
- Will industry need support from the government / NCSC to implement the Code? If so, what kind of intervention would you find helpful?
- As a voluntary Code of Practice, would your organisation consider implementing this policy?
- What market incentives do you think would be most effective to drive uptake?
Help and advice
In response, the audience suggested that additional resources would be helpful, such as a self-assessment form, and there was agreement that tailored support would be needed for some when it came to implementing and interpreting the code.
Next steps
Following the webinar, DSIT asked for follow-up questions to be sent out to attendees. Regarding cyber governance, the request was for organisations interested in signing the Cyber Governance Pledge to contact jack.harrigan@dsit.gov.uk.
In addition, DSIT would welcome industry feedback on the Codes and whether organisations are experiencing any issues with using or implementing them. To do so, DSIT has asked for organisations to visit this website for cyber governance and this one for software – and for the latter, they are especially keen to hear from software suppliers and buyers.
Overall, both DSIT and those who attended the webinar stated that it had been a very useful exercise, with DSIT being particularly impressed and grateful for the level of engagement from our members.
There will be another webinar along similar lines in the autumn for those who missed the session or wish to revisit the topic. It will be hosted by the BCS Information Security Specialist Group. Details will follow on BCS communications and Eventbrite.