Our team provides advice and support to individual councils on ways to improve cyber security culture. We do this through our Cyber 360s, reaction exercises and post-incident support.
We provide advice and support to councils through free services like Cyber 360s, Reaction exercises, and post-incident support, focused on supporting one council/shared service at a time.
Our aim is to support councils to improve their understanding of cyber risk, to prevent and resist cyber attacks more effectively, and have the cyber security skills at every level to do so.
The Cyber 360
The 360 is free for councils, managed and facilitated by the LGA, which support improvements in key areas against established good practice.
A team of council officers and external experts will spend two or three days with your council. They will offer advice and support throughout.
A cyber 360 can take place virtually or in-person, which can be spread flexibly over a two week period.
The team will have various conversations with senior leaders, heads of service, cyber and IT professionals throughout.
The team will work together with the LGA to develop a reflective report with recommendations for how you can improve your cyber culture.
A Cyber 360 is all about advice. It should not be seen as a form of compliance, accreditation, health check, or another directive or assurance-based model.
The team will build cyber capabilities by coaching and signposting to advice and guidance. We also seek to help you better understand what good looks like without dictating specific outcomes or actions to be taken.
At the heart of a Cyber 360 is improving cyber security culture. We will prioritise ways you can improve leadership, governance, awareness and training. We will also look at the ways your technology is impacting on culture.
The basis of all conversations will rest on the 360 Framework. This framework brings together existing advice from:
- National Cyber Security Centre
- Scottish Government
- National Institute of Standards and Technology
- The Cabinet Office
- NHS Digital
- Centre for Internet Security
The LGA Cyber 360 Framework uses a sector-led, collaborative method to provide expert guidance to local authority senior leadership and management – highlighting good practice that councils can employ to improve their cyber security posture and practices.
Cyber Reaction Exercises
Cyber reaction exercises, are free for councils, and help to establish how well you might react to a cyber incident, and to practice their response in a safe, constructive environment. This offer encompasses two different types of exercises, which can prove critical to reducing the impact of an attack through good decision making, clear trustworthy communications and learning from incidents.
1. Incident Response
Our facilitated Incident Response exercise, delivered in partnership with Hytec, will give your IT staff the opportunity to work through a scenario with the aim of increasing their confidence in their ability to detect, investigate, respond and then recover from an incident.
This is a desktop exercise taking a couple of hours to complete.
2. Business Continuity
Our facilitated Business Continuity exercise, delivered in partnership with the Emergency Planning College, is designed to build organisational resilience. It will give senior managers the opportunity to:
- Test crisis response and contingency plans for a serious cyber incident.
- Rehearse individuals in crisis response process and procedures.
- Identify where current plans require refinement (update, amend, improve).
- Improve awareness of cyber security and responsibility across the council.
We work with your technical teams and a service area to develop a bespoke reasonable worst case scenario cyber incident, which on discovery, the exercise will be played out.
All councils are invited to apply to undertake an LGA Cyber 360 and Cyber reaction exercise – and council officers from any council can apply to be part of the team (even if their council is not applying for the programme itself).
"We highly valued our Cyber 360, that considered a wide range of issues within the review scope. These extended beyond typical technical controls to the ‘softer’ but important issues of culture, leadership and governance. Gaining input from a range of organisations from across the sector added extra value.”
- Matt Prosser, Chief Executive, Dorset Council
"Since the Cyber 360 team spoke with the Council, there's been agreement to extend the cyber security training to Members."
- Jason Tillyard, Head of ICT & Transformation, Dartford Borough Council