IT Security Guru

Cyber Essentials scheme launches to offer self-certified security

by The Gurus
June 5, 2014
in Editor's News

Today sees the UK Government launch a scheme to help businesses become more secure.
 
Developed by Government and industry, the Cyber Essentials scheme provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, and offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions. The scheme offers ten steps to security.
 
According to the Telegraph, the scheme is being backed by AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association, and is available to universities, charities and the public sector. BAE Systems, Barclays and Hewlett-Packard are among the first companies applying for the first awards.
 
The official summary states that there are two levels of certification available: Cyber Essentials and Cyber Essentials Plus. A Cyber Essentials certification is awarded on the basis of a self-assessment that is approved by a senior executive and verified by an independent Certification Body.
 
Cyber Essentials Plus offers a higher level of assurance through external testing of an organisation’s cyber security approach. “We anticipate that Cyber Essentials Plus will cost more than the foundation Cyber Essentials certification,” it said. Organisations wishing to become a Certification Body should contact CREST or Information Assurance for Small and Medium Enterprises (IASME).
 
CREST has worked alongside CESG, the Information Security arm of GCHQ, to develop the assessment framework for the scheme. As part of this engagement, CREST defined the policy, procedures and requirements for companies that will provide certification services under the Cyber Essentials Scheme.
 
“Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security,” said Ian Glover, president of CREST.
 
“By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks.”
 
The ten steps are as follows: home and mobile working; user education and awareness; incident management; information risk management regime; monitoring; network security; removable media controls; malware protection; managing user privileges; and secure configuration. A company must display a good foundation for effective information risk management, and the degree of implementation of these steps will vary between organisations depending upon the risks to their individual business.
 
As of 1st October, the UK Government will require all suppliers bidding for certain personal and sensitive contracts which are assessed as higher risk to be Cyber Essentials certified. This will provide further protections for the information the Government handles and will encourage adoption of the new scheme more widely, according to BIS.
 
Portcullis was one of the three organisations that carried out testing as part of the scheme’s pilot assessment that was overseen by CREST, and Portcullis collaborated with CESG and other key partners in assisting with the practical requirements for the programme and developing the assurance framework.
 
Tim Anderson, commercial director of Portcullis Security, told IT Security Guru that this is intended to display a level of compliance, and that the stamp displays a level of confidence. “There is a push for the UK to be seen as a secure place to do business, and the problem is security within the small business sector, but some security is better than none,” he said.
 
“While the scheme is ideal for small and medium sized enterprises, larger organisations and Government departments will also see value in it, as it allows them to evaluate the security of their supply chain and smaller suppliers.”
 
Simon Hansford, Chief Technology Officer at Skyscape Cloud Services, one of the first organisations to adopt the scheme, said that this will help it demonstrate its commitment to security to its customers.
 
“It is evident that cyber crime is posing an increasingly serious threat to our economy and we believe that The Cyber Essentials Scheme will help to drive awareness of the growing risks and help organisations to mitigate the risks to their business and customers’ data,” he said.
 
“Education is essential, as while larger organisations are more likely to have established frameworks in place for identifying and managing risks related to ICT services and the infrastructure upon which they operate, there are many smaller organisations that will find this process far more challenging. Schemes such as this are therefore crucial in order to equip businesses with the knowledge and actionable steps that will enable them to understand and recognise threat actors and reduce risks within their own organisations, and ultimately become more resilient and secure as a result.”
 
Mark Brown, director of information security at EY, said: “Whilst this is a positive step, businesses should not view this scheme as a complete solution as it only addresses the basic controls and is therefore representative of the entry level fundamentals which should be adhered to.
 
“For example, the scheme does not include guidance around softer non-technical issues such as business risk management, corporate governance of cyber security or employee awareness. For best practice we would expect businesses to go above and beyond this scheme and as such a continuing refinement and enhancement of this scheme is required in the long-term from Government.”
