New cyber security organisational standards and assurance framework
As part of its commitment to keeping the UK safe in cyber space, the UK Government decided to review the existing Cyber Security Standards for all organisations. Based on its observations, the Government determined that new organisational standards were required to help businesses deal with the strategic issue of cyber security.
WHAT ARE THE CYBER ESSENTIALS?
The Scheme has been developed in association with the Information Security Forum (ISF), the Information Assurance for SMEs (IASME) and the British Standards Institution (BSI).
It provides organisations with a list of essential security controls, guidance on implementation and an assurance framework for basic cyber hygiene. The independent certification will also provide assurance on cyber risk management to the organisation's management, partners and customers.
The Cyber Essentials Scheme covers five areas:
- Boundary firewalls and internet
- Secure configuration
- Access control
- Malware protection
- Patch management
The scheme offers an Assurance Framework to supplement other information security certification and covers the basic controls needed to counter unsophisticated threats from the internet.
The framework is split into two stages:
Cyber Essentials: to grant the Cyber Essentials certification, we would review and validate the self-assessment provided by the organisation through document reviews, interviews and discussions with the relevant stakeholders.
Cyber Essentials Plus: the second level of certification is obtained after conducting a penetration test emulating an attack from a low-level attacker and ensuring that the organisation tested meets the requirements of basic assurance.
HOW CAN WE HELP?
We can help our clients at every level of the scheme. We can help you implement the requirements or run the assessments to help you gain your accreditation.