Expertise & Advice
The NCSC ensures that the primary target groups are equipped with tactical and strategic knowledge and substantive perspective for action. Both in the short term, for example, in the field of crises, incidents and threats, and in the long term, via, for example, best practices, lessons learned, presentations and whitepapers. In this regard, the NCSC provides specialist insight into developments, threats and risks in the field of cyber security.
The NCSC brings information and expertise on cyber security together. In this regard, it concerns both information, practical knowledge and experiences, and data from scientific research. Owing to its access to open and closed information, the NCSC has a unique knowledge position. The NCSC has insight into current developments in the field of cyber security. This insight forms the basis for the NCSC actions. In-depth up-to-date knowledge is crucial for preventing ICT security incidents by timely taking adequate measures. The NCSC elaborates on the relevant information by analysing it and mapping possible risks. In this way, the NCSC offers more than the sum of the parts: not only does the NCSC collect information, it also offers insights into the approach and threats and formulates possible measures. In this way, all the parties benefit from the cooperation: in return for the information and knowledge that they contribute, they receive insights and possible perspectives for action.
To spread knowledge, factsheets, files and Cyber Security Assessment Netherlands are published. The insights and knowledge are translated into tailored concrete advice with which organisations can maintain and increase their digital security. Examples are directives for protecting web applications and encrypting network traffic.
The NCSC provides security advice based on its unique knowledge position, experience and network. The knowledge and experiences of the NCSC are built in the operational process in cooperation with the partners. The NCSC provides ad hoc advice, but also participates in various platforms, which demand its knowledge.
Examples of this specific advisory role are:
- advice on security criteria for acquisition processes;
- review of information security policy;
- advice on the organisation of network logging and monitoring systems;
- contribution of expertise in the cyber security and information security platforms of national government;
- advice on security scans and penetration tests in vital sectors with high confidentiality;
- review of a plan of approach for setting up a sectoral CERT (Computer Emergency Response Team).
Factsheet TLS interception
TLS interception makes encrypted connections within the network of an organisation accessible for inspection. The use of this technical measure should be carefully considered in the light of additional risks and should meet a number of important preconditions.
Factsheet Building a SOC: start small
An increasingly common way to achieve visibility and control of information security is to implement a Security Operations Centre (SOC). In order for a SOC to function successfully, it must be tied in with the business processes. This makes building a SOC a major challenge. Due to the many organizational and technical issues that come to mind when setting up a SOC, it...
Factsheet Post-quantum cryptography
The emergence of quantum computers can have major implications for organizations that process sensitive information. Using a future quantum computer, one can decrypt data that is encrypted with popular cryptographic algorithms. The consequences are, however, even more serious. Encrypted data may already be intercepted, awaiting the possibility to decrypt the data with a...
Factsheet Choosing a messaging app for your organisation
Using publicly available messaging apps for business communication involves certain risks and has consequences for both your organisation and information sharing. This factsheet will elaborate on what kind of organisational risks exist when employees use such a publicly available messaging app.