Skip Navigation

  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
  • Research

Welcome

We are the Government authority which provides protective security advice to businesses and organisations across the national infrastructure.

Our advice aims to reduce the vulnerability
of the national infrastructure
to terrorism and other threats,
keeping the UK's essential services safer

What we do

What we do

Our advice aims to reduce the vulnerability of the national infrastructure to terrorism and other threats, keeping the UK's essential services (delivered by the communications, emergency services, energy, finance, food, government, health, transport and water sectors) safer. Without these services, the UK could suffer serious consequences, including severe economic damage, grave social disruption, or even large scale loss of life. CPNI advice is targeted primarily at the critical national infrastructure (CNI) - those key elements of the national infrastructure which are crucial to the continued delivery of essential services to the UK.

What we do

What's new


General

  • CPNI events [03/07/2008]

    CPNI is holding a food defence conference on 24 October 2008

  • SCADA [12/06/2008]

    Updated good practice guidance on securing process control and SCADA systems is now available.

  • Screening [29/02/2008]

    The law on preventing illegal working in the UK has changed. Employers will need to be aware of their responsibilities.

  • Personnel security measures [09/01/2008]

    'Personnel Security: Threats, Challenges and Measures' an introductory guide to personnel security has now been published. This replaces and significantly expands on 'Personnel Security: Managing the Risk'.

  • Viewpoints [27/11/2007]

    A new CPNI Viewpoint paper has been published on 802.11 Wireless Networks.

  • Risk assessment [15/11/2007]

    CPNI publishes new personnel security risk assessment guidance

Advisories

  • 3649 - APPLE-SA-2008-06-30 Security Update 2008-004 and Mac OS X v10.5.4 [01/07/2008]

    Apple have released security ipdate 2008-004 and Mac OS X v10.5.4 that address a number of issues.

  • 3623 - Malware Installed on Removable Media [30/05/2008]

    CSIRTUK have been made aware of an increase in malware (often referred to as computer virus) pre-installed on peripherals and removable media. This advisory raises awareness of the growing threat.

  • 3620 - Adobe Flash player code execution vulnerability UPDATED [28/05/2008]

    Description of a vulnerability in Adobe Flash Player that may allow an attacker to run code on a vulnerable system. There are reports that this vulnerability is being actively exploited.

  • 3619 - Rootkits on Cisco IOS Devices [23/05/2008]

    This advisory is the Cisco PSIRT response to an issue that was disclosed at the EUSecWest security conference on May 22, 2008.

  • 3618 - Mass SQL Injection attacks [23/05/2008]

    CSIRTUK are aware of an increase in SQL injection attacks; the following advisory reinforces established best practice guidance.

What's new

What we do

Top ten security guidelines

The following is a summary of our ten protective security tips:

  • assess the risks to your business
  • consider security first when planning building works
  • establish a security culture in your business
  • keep premises clear and tidy
  • control access points and use staff and visitor passes
  • install physical measures e.g. locks, alarms, CCTV, lighting etc
  • establish good mail handling procedures
  • recruit carefully, checking identities and following up references
  • take proper IT security precautions
  • test your business continuity plans regularly

Top ten security guidelines

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |