The UK Department for Science, Innovation and Technology (DSIT) is taking a proactive step to enhance cybersecurity practices with the unveiling of its draft Cybersecurity Governance Code of Practice. Jack Harrigan, head of cyber governance & accountability at DSIT, provided a glimpse of the forthcoming code during the ISACA London Conference 2024. The code, introduced on January 23, 2024, is designed to support directors and business leaders in developing a robust cyber governance plan, aligning with the UK’s £2.6bn National Cybersecurity Strategy initiated in 2022. This strategic initiative aims to make the Code of Practice a central source of cybersecurity guidance for organizations across sectors, promoting the implementation or improvement of comprehensive cybersecurity measures.
The draft code revolves around five high-level principles: risk management, cyber strategy, people, incident planning and response, and assurance and oversight. These principles are derived from existing resources and align in particular with the security principles provided by the National Cyber Security Centre (NCSC). DSIT initiated a call for views on January 23, seeking feedback from UK-based organizations to shape the content and structure of the code. The principles are further broken down into practical actions, offering a guide for organizations to enhance their cybersecurity posture. The document is currently undergoing a final review, and DSIT plans to launch the Code of Practice officially later in 2024 after the public consultation response is published in the summer.