A guide to free cyber security resources

Another guest post from Howard Smith

Following my first blog on the Cyber Essentials scheme, in which I focused on the government cyber security framework, this time I’d like to examine free cyber security guidance that readers can use in order to preserve their business.

It’s imperative that organisations have robust strategies in place to protect their information. Searching the Internet you will find a plethora of papers, guides, and offers to assess your cyber security posture.  For those starting out on the cyber security journey, this choice of resources can be quite daunting.

It’s my intent in this blog to offer you a range of different advisory resources, some of which you will recognise, and some of which will be new to you.  Above all, you must be aware that whatever approach you decide to take, it’s your decision. The ultimate aim is to combat cyber security threats and risks, and provide suitable mitigation.

Free green papers

The following free green papers from IT Governance are an effective point to start from, and can be found here: Information Security & ISO 27001

  • Cybersecurity – A Critical Business Issue gives a clear insight into cyber security, and is an easy-to-read paper that addresses the rudimentary issues. It guides you through the maze-like technical requirements of cyber security in order to help you protect your business.
  • Cyber Resilience: Cyber Security and Business Resilience is, in my opinion, a must-read paper for all businesses. It’s not full of technical jargon, but consists of 11 pages of easily digestible practical information.

These green papers are complementary to each other.

ISO standards

The International Organization for Standardization (ISO) has developed a range of standards that are identified in these green papers, each of which has a specific function that complements ISO 27001, the international standard for information security management. It is particularly reassuring that ISO/IEC 27032 (‘Guidelines for cybersecurity’) has been produced.

Further afield

Looking further afield on this subject, I have discovered a prolific ambassador for information security in Mark E S Bernard, a respected member of the information security community. His qualifications speak for themselves and his contribution to information security is immense.

All physical and logical attributes have been pragmatically considered and depicted in Cyber Security Defined, and the Cyber Security Program Reference Model, depicts cyber security from a logical perspective, with supporting text.

Both give food for thought when addressing your cyber security programme.


In both of my blogs I have taken a pragmatic view of cyber security. The subject is highly debateable, but the ownership is yours.

Views and opinions expressed are that of the author and may not represent IT Governance.

green-papersU (1)