How to explore your cyber security people, skills and governance approach

Having a clear people cyber strategy will help to ensure that your council’s cyber strategy and approach is shaped by a mature understanding of your current cyber exposure. It will also help to ensure you are protected against risks from your current supply chain, where risks are often greatest.


An effective supply chain cyber risk mitigation strategy requires setting out the roles and responsibilities for supply chain cyber security. Each council will need to identify the relevant people responsible for mitigating cyber risks in supply chains, so they can collaborate to develop council-wide, multidisciplinary approaches. A good approach includes the elements outlined in the graphic below:

Diagram showing different skills and roles in a council

A clear governance structure is key to ensuring the ongoing effectiveness of supply chain cyber security. Promoting cyber security and cyber resilience is an exercise in risk management and should be managed in the same way that your council manages other risks (for example, financial risks or operational risks). In your role it may not be possible to influence the whole council, but it is your responsibility to highlight how the wider governance structure can support you. Cyber security is not free: it takes a commitment in time, money, technology and people to achieve the resilience that your council needs.

To identify the cyber security risks to be aware of in the earliest stages of a new procurement, continue on to Planning.

While these resources are updated frequently, the threat landscape is constantly evolving with new risks and vulnerabilities. It is very important to always follow the most up-to-date guidance as given by the National Cyber Security Centre (NCSC) and other related government bodies.