diff --git a/source/standards/disaster-recovery.html.md.erb b/source/standards/disaster-recovery.html.md.erb index 6812209e..3038f518 100644 --- a/source/standards/disaster-recovery.html.md.erb +++ b/source/standards/disaster-recovery.html.md.erb @@ -25,7 +25,7 @@ Disaster recovery planning is the process of identifying the kinds of events tha ### Understand risks and threats to your service -You should work with the [Information Security](https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security) and [Cyber Security](https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/home) teams to understand the risks to your service. This will help you build a more resilient and secure digital service. +You should work with the [Information Security](https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security) and [Cyber Security](https://intranet.cabinetoffice.gov.uk/it-data-and-security/cyber-and-information-security-services/) teams to understand the risks to your service. This will help you build a more resilient and secure digital service. You should also work with risk and service owners to plan for the worst-case scenarios. This is particularly important for your data, as loss or theft of data is disastrous for most services. diff --git a/source/standards/how-to-do-penetration-tests.html.md.erb b/source/standards/how-to-do-penetration-tests.html.md.erb index 2cebd885..b1e6ce29 100644 --- a/source/standards/how-to-do-penetration-tests.html.md.erb +++ b/source/standards/how-to-do-penetration-tests.html.md.erb @@ -53,7 +53,7 @@ To schedule a test, [Information Security][] team. If you plan to test any application, you must contact the Info Sec team at least 3 months in advance so they can organise the procurement (or call-off against the existing framework) for you. -If you are planning to ask the [COD Cyber] team to perform a test, you will need to enter the information listed in the [scope your test section](#scope-your-test) and the [prepare for your test section](#prepare-for-your-test) into a Rules of Engagement document, where a scope can be agreed and signed off by both parties. As with an external company, you should give at least 3 months' notice to make sure you can schedule the test at a time that suits project timelines. +If you are planning to ask the [Cabinet Office Cyber] team to perform a test, you will need to enter the information listed in the [scope your test section](#scope-your-test) and the [prepare for your test section](#prepare-for-your-test) into a Rules of Engagement document, where a scope can be agreed and signed off by both parties. As with an external company, you should give at least 3 months' notice to make sure you can schedule the test at a time that suits project timelines. ## Prepare for your test @@ -85,7 +85,7 @@ After your test, you should meet with the GDS IA team to discuss and triage (ris Teams should work with the [COD Cyber] team, who can give advice, consult on fixing any issues and take appropriate further action when required. -[COD Cyber]: https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/home +[Cabinet Office Cyber]: https://intranet.cabinetoffice.gov.uk/it-data-and-security/cyber-and-information-security-services/ [Information Security]: https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security [GDPR]: https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en [National Cyber Security Centre (NCSC) CHECK scheme]: https://www.ncsc.gov.uk/information/using-check-provider diff --git a/source/standards/incident-management.html.md.erb b/source/standards/incident-management.html.md.erb index 2e2f077b..1ba48206 100644 --- a/source/standards/incident-management.html.md.erb +++ b/source/standards/incident-management.html.md.erb @@ -175,6 +175,6 @@ Read the [GDS Technical Incident Management Framework and Process](https://docs. [^1]: Note that the incident report template document can only be accessed by people within GDS. [incident-report-template]: https://docs.google.com/document/d/1YDA13RU6wicXoKgDv5VucJe3o_Z0k_Qhug9EJC_XdSE/ -[CO:D Cyber Security team]: https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/report-an-incident +[CO:D Cyber Security team]: https://intranet.cabinetoffice.gov.uk/it-data-and-security/cyber-and-information-security-services/ [GDS Information Security team]: https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security [GDS Information Management team]: https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/information-management diff --git a/source/standards/vulnerability-disclosure.html.md.erb b/source/standards/vulnerability-disclosure.html.md.erb index ee5f8512..6348619f 100644 --- a/source/standards/vulnerability-disclosure.html.md.erb +++ b/source/standards/vulnerability-disclosure.html.md.erb @@ -68,7 +68,7 @@ researcher, check with them first and ask which name they wish to have displayed. -[Cabinet Office Cyber Security team]: https://sites.google.com/cabinetoffice.gov.uk/cybersecurity +[Cabinet Office Cyber Security team]: https://intranet.cabinetoffice.gov.uk/it-data-and-security/cyber-and-information-security-services/ [HackerOne]: https://www.hackerone.com [NCC Group]: https://www.nccgroup.com [security policy]: https://www.gov.uk/help/report-vulnerability diff --git a/source/standards/web-application-firewall.html.md.erb b/source/standards/web-application-firewall.html.md.erb index 0168ac7c..b670fbcc 100644 --- a/source/standards/web-application-firewall.html.md.erb +++ b/source/standards/web-application-firewall.html.md.erb @@ -79,8 +79,9 @@ GOV.UK Pay operates under the governance of [PCI compliance and DSS point 6.6](h ## Contact GDS Information Security or CO:D Cyber Security -Contact GDS [Information Security][] or the security architects in the [CO:D Cyber Security team](https://sites.google.com/cabinetoffice.gov.uk/cybersecurity/about-the-team) or use the [#cyber-security-help Slack channel](https://gds.slack.com/messages/CCMPJKFDK/) for help and advice. +Contact GDS [Information Security][] or the security architects in the [CO:D Cyber Security team][] or use the [#cyber-security-help Slack channel](https://gds.slack.com/messages/CCMPJKFDK/) for help and advice. [Information Security]: https://sites.google.com/a/digital.cabinet-office.gov.uk/gds/directorates-and-groups/cto-and-ciso-office/information-security [Cyber Assessment Framework]: https://www.ncsc.gov.uk/collection/cyber-assessment-framework/introduction-to-caf [Secure by Design Principles]: https://www.security.gov.uk/guidance/secure-by-design/ +[CO:D Cyber Security team]: https://intranet.cabinetoffice.gov.uk/it-data-and-security/cyber-and-information-security-services/threat-modelling/ diff --git a/source/stylesheets/screen.css.scss b/source/stylesheets/screen.css.scss index 38d033ca..019536c2 100644 --- a/source/stylesheets/screen.css.scss +++ b/source/stylesheets/screen.css.scss @@ -1,6 +1,7 @@ @import "govuk_tech_docs"; @import "modules/page-banner"; +a[href^="https://intranet.cabinetoffice.gov.uk/"]::before, a[href^="https://sites.google.com/a/digital.cabinet-office.gov.uk/"]::before, a[href^="https://sites.google.com/cabinetoffice.gov.uk/"]::before, a[href^="https://gds.slack.com/"]::before