Bradford Council

Social Engineering Exercise

Briefly describe the initiative/ project/ service

Cyber Security is the use of various technologies and processes to protect networks, computers, programs and data from attack, damage or unauthorised access. To this goal, this project has implemented a cyber-security monitoring exercise with a Leading cyber-security Business School (University) that serves to both understand the current cyber-security readiness level of Bradford Council and also set the basis for the future implementation of cyber security risk assessment. The objective is to secure and protect information from unauthorised access, use, disruption, modification or destruction regardless of how the information is stored – electronic or physical, with business processes and people at the heart of the project.
The objective of this exercise was to identify key data and information assets – ultimate target of any cyber-security attack, that if compromised would have significant negative consequences. An assessment of the business environment and governance has also been carried using social engineering methods old and new that will help provide the posture for the council when it comes to cyber-security reediness and for other organisations to learn from such as the WARPS and NSCS etc when it comes to prevention.

Why do you think it should win this award?

We believe this is the first innovative exercise, between a leading Cyber Security Business School (University) and a Local Authority looking at business processes and people when it comes to cyber -security, we believe that our people are our biggest assets; however they are also the weakest link in a cyber-security incident. This innovative project takes a holistic approach that must be employed to assess the cyber security threat for Bradford Council. A right balance of people, process and technology is essential for a solid and secure environment; as concentrating only on technology makes the approach very weak.
We believe that whilst the majority of IT Departments look at technology to combat cyber-security, we believe that we also need to look at the underlining processes and people, when it comes to cyber-security and we believe we are the first ever local authority to team up with a leading university in cyber-security to look at this and review our internal processes, security training given to our staff and most of all making our staff more cyber aware at work and at home and reduce the number of cyber incidents caused by ill-informed staff.

What are the key achievements?

The key achievements to date are as follows:
• Chosen a leading University in cyber-security especially around the business school area.
• Bradford Council Corporate Management Team – Approval of the project
• All staff members have had the relevant IT Security Training
• Non-Disclosure Documents signed and agreed
• Data Sharing Agreement in place
• Breath and Scope of Social Engineering Exercises Agreed.
• Departments/Services chosen and on-board.
• Looking at commencing the exercises in the next few months
o Social Engineering Exercises
o IT Training Exercises
The overall achievements will be as follows:
• Before and after results when it comes to the effectiveness of the IT Security training for staff, and a better way to get the message out that is effective.
• IT Security Training that follows the trends of the latest social engineering methods used
• Sharing the outcomes with other WARPs and the NSCS as we believe is sharing what we learn with other organisations so that they can benefit from the work that we have done.
• The use of the information and data collect for the University to use as part of their cyber-security degree courses, for the next generation of IT Security specialist to learn from.