
NCSC Cyber Toolbox gets a refresh

The National Cyber Security Centre (NCSC) has released an updated version of its Cyber Toolbox, five years after the last iteration, with refreshed recommendations on managing cyber risks and a focus on making its advice more accessible and adaptable, especially for beginners in the field.

The revised guidance incorporates input from users, insights from the NCSC's "sociotechnical and risk group" research, and real-world experience in addressing risk management challenges.

The primary audience for the guidance comprises cybersecurity risk practitioners who assist their organisations in understanding and evaluating cyber security risks.

Additionally, individuals aiming to establish an efficient cyber security risk management function within their organisation for the first time (or those seeking to enhance existing functions) will find it beneficial.

Parts of the guidance have been left unchanged, such as the core advice on managing cyber security risk effectively: use both component-driven and system-driven perspectives on risk, and draw on a variety of risk management information sources.

The refreshed guidance does however introduce three new sections:

  • An eight-step cybersecurity risk management framework to provide readers with a clear understanding of an effective approach tailored to their organisation.

  • A dynamic cyber security risk management "toolbox" that will expand with time, incorporating emerging techniques. Currently, it encompasses topics such as attack trees, threat modeling, and cyber security scenarios.

  • A fundamental risk assessment and management methodology for individuals new to risk management or those with straightforward needs. This method draws inspiration from the "bottom-up and component-driven approaches" advocated by NIST and ISO.

The risk management guidance was refreshed after a five-year hiatus, recognising the profound changes that have occurred over that period in the geopolitical landscape, technology, and cyber security.

The main objective of the update is to provide relevant, up-to-date advice that remains applicable to modern technology systems and services.

As always, the guidance is built upon real-world experience gained from tackling the most intricate risk management problems, incorporating valuable feedback from users, and leveraging the expert research conducted by the sociotechnical and risk group.




The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
