Risk & Governance
Security architecture must be grounded in risk management and aligned to governance frameworks. This section covers the foundational governance tools, UK-specific frameworks, and organisational security practices.
In this section
| Page | What it covers |
|---|---|
| Asset Management | Hardware, software, and data asset inventory and lifecycle |
| Supply Chain Security | Third-party risk, software supply chain, SBOM |
| Cyber Assessment Framework (CAF) | NCSC CAF for CNI and public sector organisations |
| Cyber Essentials | UK government-backed baseline certification scheme |
| Operational Security (OPSEC) | Protecting information about your organisation and operations |
| People-Centred Security | Human factors, security culture, and awareness |
| Penetration Testing | Types, scoping, methodology, and UK certification schemes |