Unleashed provide a friendly Cyber Essentials Consultancy service, with our unique background in both IT Consultancy, IT security and our many years of providing security focused IT hardware solutions to businesses large and small.

Introduction

In 2014, the UK Government decided to implement a cyber security scheme to help businesses of all size to mitigate cyber-attacks.  This scheme is called Cyber Essentials.

Cyber Essentials has been designed to give a clear statement on basic controls to all organisations with a view to help them to protect their business against common Internet threats.

The Cyber Essential scheme offers a foundation of the basic security measures that your business can implement and build upon.  The UK Government, firmly believes that by implementing basic control measures they can significantly reduce your vulnerability.  However, these control measures are not guaranteed to remove all cyber security risks.  I.e. Cyber Essentials will not stop a targeted attack against your business, for this you need to implement higher security measures than Cyber Essentials.

What Cyber Essentials will do, if give you a structure and define measured controls that provide a cost effective basic cyber security for your business.  By following the 5 steps, the UK Government estimate you can mitigate 80% of cyber-attacks.

Framework

Cyber Essentials comes in two standards – Cyber Essentials and Cyber Essentials Plus.  Both standards have the same questionnaire.  Cyber Essentials is a self-assessment questionnaire that can be filled in by a competent IT person within your organisation and sent off to the certification body for verification.  If all of your answers meet the required standards, you pass and get the Cyber Essentials certificate and can display their logo on your website.  If you fail, you will be told where your security measures fall down and you can rectify that area and re-apply.

For Cyber Essentials Plus (the highest level), the same questionnaires apply but your answers must be verified by an external verification body.  Cyber Essentials Plus can be viewed as an extension to Cyber Essentials.  The verification body will send an auditor to you who will verify all of your self-certification questions and carry out some external penetration tests.

 

 Cyber Essentials Control Processes

Cyber Essentials focuses on Internet-originated attacks against an organisations IT systems and has 5 control measures:

  1. Boundary firewalls and Internet Gateways

These are devices that protect unauthorised access to or from your IT network. They can be dedicated security devices or an Internet facing router.

 

  1. Secure Configuration

This means, your systems are configured to conform with the Cyber Essential guidelines.

 

  1. Access Control

This means, only those people that need to access systems/data can and they have the appropriate set of permissions.

 

  1. Malware Protection

Virus’s and Malware must be installed and kept up to date with the latest patches

 

  1. Patch Management

All of your operating systems and Internet facing devices must be kept up to date with the latest patches and fixes that has been supplied by the vendor.

Assurance framework

We are hearing more and more about organisations exposing customer’s information to cyber threats.  So, this means, it is becoming increasingly important for companies to maintain a robust cyber security policy and equally important, demonstrate this to their customers.

The Assurance Framework has been designed to demonstrate the simple means of third parties to differentiate themselves from companies who are implementing cyber security controls against those who are not.

There are a few ways you can use this framework.  You could use it to differentiate your business against that of a competitor. Or, you could ask insurers, investors and auditors to take the certification into account when assessing your risk factor.

Cyber Essential Consultancy

Whilst Cyber Essentials and Cyber Essentials Plus have been designed to be simple and straightforward, you may need some assistance in getting ready for your accreditation.  That is where Unleashed can help you.

Cyber Essentials can be a time consuming process, getting help from a Cyber Essentials can take the pain and speed up the process.

For more details of how consultancy can help you to get your accreditation call us today on 0333 240 0565