In October 2014, Cyber Essentials became a minimum requirement for bidding for some government contracts, including the newly awarded Crown Commercial Services Framework (CCS). Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, protecting the confidentiality of data and therefore demonstrating to their customers that they take cyber security seriously. The addition of this accreditation will further enhance our disaster recovery plan, which allows us to continue operating in the event of a major incident.
Ignoring cyber-security is no longer an option. One in ten organisations that suffered a breach in the last year were so badly damaged by the attack that they had to change the manner in which they conduct their business.
The scheme is available at two levels:
- Cyber Essentials – an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
- Cyber Essentials PLUS – a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
The five main technical controls are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Cyber Essentials guidance breaks these down into finer details. These controls can be mapped against the controls required by ISO/IEC 27001:2013, the SOGP, and IASME, although Cyber Essentials has a narrower focus, emphasising technical controls rather than governance, risk, and policy.
For further information, please see www.cyberstreetwise.com/cyberessentials