Cyber Essentials Standard at a Glance
Cyber Essentials is the UK Government-backed and industry-supported scheme for a basic level of protection against cyber attack. The certification has two functions:
- providing a clear statement of the basic measures organisations should implement to mitigate the risk from common internet based threats
- provide certification to enable organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
There are five security controls that all businesses should all be implementing
1 Boundary Firewalls and Internet Gateways
These are devices designed to prevent unauthorised access to or from private networks. Good setup of these devices is important for them to be fully effective.
2 Secure Configuration
Ensuring that systems are configured in the most secure way for the needs of the organisation.
3 Access Control
Ensuring only those who should have access to systems have access and at the appropriate level.
4 Malware Protection
Ensuring that virus and malware protection is installed and is up to date.
The organisation answers questions about how security is managed within their organisation. To pass certification most questions need to be answered positively. A board member asserts that the questions have been answered honestly.
The questions are marked by an accredited assessor who is a security professional and has been through training and licensed with IASME.
See FAQ for common Questions about Self-Assessments.
Cyber Essentials Plus
Having passed the basic self-assessment, organisations can opt to upgrade their certifications to Cyber Essentials Plus.
Security measures are verified by an independent auditor, providing further proof you are following the requirements of your chosen standard.
Organisations are expected to complete audited certification with 3 months of having passed the self-assessment level.
See FAQ for common Questions about Cyber Essentials Plus
A Step Up
A step up from Cyber Essentials is the IASME Governance Standard,
For more information click here
For a comparison of the Cyber Essentials is the IASME Governance Standard available
Implementing these measures can significantly reduce an organisation’s vulnerability. However, it does not offer a silver bullet to remove all cyber security risk.
For a full definition of the Cyber Essentials standard click here
Let Whitgift Security help you through the process – to see how we can help click here