Cyber Essentials Scheme

The Cyber Essentials Scheme

 

Cyber Essentials is a UK Government-backed and industry-supported scheme to guide businesses in protecting themselves against cyber threats.

Cyber Essentials is for all organisations, of all sizes, and in all sectors. Organisations are encouraged to adopt the CE requirements as appropriate to their business, i.e. to tailor them. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.

Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.

 

The Cyber Essentials scheme is a cost-effective, government-driven cyber security standard, ideal for small and medium-sized enterprises or organisations looking to understand their cyber security risk appetite. Organisations can be assessed and certified against this standard. It identifies the risks and security controls that an organisation must have in place within its IT systems in order to have confidence that it is addressing cyber security effectively and mitigating the risk from Internet-based threats.

It provides organisations with clear guidance on implementation as well as offering independent certification for those who want it.

Whilst providing a basic but essential level of protection, the Cyber Essentials scheme enables organisations that believe they are practising robust cyber security to benefit by making this a unique selling point, thereby enabling business. Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously.

 

The scheme focuses on the following five essential mitigation strategies within the context of the 10 Steps to Cyber Security guide.

  • Boundary Firewalls and Internet Gateways

  • Secure Configuration

  • Access Control

  • Malware Protection

  • Patch Management

 

An added benefit of Cyber Essentials: you also get free cyber insurance, a must-have in today’s workplace.

 

Axiom Cyber Intelligence will be on hand to help you through this process from enquiry to certification.

 

 

Getting your Business Certified

 

The first stage in the certification process is to decide which level to certify against: Cyber Essentials or Cyber Essentials Plus.

  • Cyber Essentials - organisations complete a self-assessment questionnaire which is reviewed by Axiom Cyber Intelligence

  • Cyber Essentials Plus - tests of an organisation's systems are carried out by Axiom Cyber Intelligence

 

The key differentiator for Cyber Essentials Plus is the inclusion of a technical review of the organisation’s workstations. This additional phase of testing increases the validity of certification considerably by providing evidence of compliance against the following scenarios:

  • Can malicious files enter the organisation from the Internet through either web traffic or email messages?

  • Should malicious content enter the organisation, how effective are the anti-virus and malware protection mechanisms?

  • Should the organisation’s protection mechanisms fail, how likely is it that the organisation will be compromised due to failings in the patching of the organisation’s workstations?

 

Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.

Once an organisation has been assessed against the Cyber Essentials security criteria and passes, they will receive the relevant Cyber Essentials award based on the level of certification achieved, which demonstrates that they have achieved a fundamental level of cyber security.

 

For more information, please contact us at info@axiomci.co.uk