An Introduction to GPG 13
by Jon Collins and Martin Atherton
CESG (Communications and Electronic Security Group) Good Practice Guide 13 (GPG 13) is increasingly being mandated for organisations involved in UK government business, including government departments, public organisations and indeed service providers and outsourcing companies.
The guide boils down to some pretty straightforward advice, namely: “how to protect against anything untoward happening on, or to, your computer systems.” Who or what are we protecting against? The answer is both the people who access and misuse things they shouldn’t and the systems they access.
The starting point and motivation for this document is that many organisations may need to get up to speed on GPG 13 because their governing bodies have requested it, or because it has become a pre-requisite for doing business.
This document discusses the impact of GPG 13, what doing it properly enables, and offers guidance on how to treat it as part of the bigger picture of sustainable IT change, risk mitigation and business efficiency.
This paper was compiled and written on an independent basis by Freeform Dynamics, based on multiple studies during 2009-2010, within the framework of its community research programme and sponsored by Tier 3.