The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against Internet-borne threats. It is a government and industry backed scheme which will keep your business secure from the latest online threats.
Cyber Essentials concentrates on five key controls. These are:
- Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective
- Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation
- Access control – Ensuring only those who should have access to systems to have access and at the appropriate level
- Malware protection – ensuring that virus and malware protection is installed and is it up to date
- Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied
There are two types of cyber essentials accreditation: the first is Cyber Essentials and the second is Cyber Essentials Plus.
Cyber Essentials certification is awarded on the basis of a verified self-assessment. An organisation undertakes their own assessment of their implementation of the Cyber Essentials control themes via a questionnaire, which is approved by a senior executive such as the CEO. This questionnaire is then verified by an independent Certification Body to assess whether an appropriate standard has been achieved, and certification can be awarded. This option offers a basic level of assurance and can be achieved at low cost.
Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach. Given the more resource intensive nature of this process, Cyber Essentials Plus will cost more than the foundation Cyber Essentials certification.
For further information about how to become certified in either Cyber Essentials or Cyber Essentials Plus, please visit the Cyber Essentials website.