Data / Cyber Security

  1. Home
  2. chevron_right
  3. Services
  4. chevron_right
  5. Data / Cyber Security

Cyber Essentials

The Cyber Essentials scheme was developed to show organisations how to protect themselves against low-level ‘commodity threat’.

Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Since October 2014, Cyber Essentials compliance has been mandatory for suppliers to the government where the contracts include the handling personal information.

The process of obtaining Cyber Essentials certification is not overly complex, but it does require familiarity with quality standards. Most organisations recognise that there is much advantage in having external assessment to obtain a certificate of compliance which the basic, self certification, doesn’t provide. This is where expert consultants assist.

The scheme lists the following five technical controls which organisations should have in place:

  • Access control
  • Boundary firewalls and internet gateways
  • Malware protection
  • Patch management
  • Secure configuration

While the self-assessment involves answering a detailed questionnaire, providing evidence of achievements, the Cyber Essentials Plus scheme goes further by ensuring an external vulnerability-scan. Such a scan is referred to also as ‘penetration testing’, or ‘pen-testing’ for short.

Which certification should you choose?

While basic self-assessment may suffice for certain government tenders, it does nothing to truly reassure your clients. Conversely, the ‘Plus’ certification is a recognised standard which merits publicity on your website and promotional literature.

The costs

To achieve Cyber Essentials PLUS demands a moderate degree of effort, depending on your current level of IT skills.

The factors for costing revolve around estimating the number of days for an assessor to test your systems. For this, the general considerations are:

  • The number of employees within your organisation;
  • The number – and location – of your offices;
  • The configuration of work stations and servers.

The starting point is to schedule an Cyber Security Assessment and GAP Analysis, which gives you a management summary of your security situation.