GET QUOTE

Achieving HM Cyber Essentials through Self-Assessment – Part 1

Part 1 – The Cyber Essential Levels

Cyber crime continues to pose a valid and growing threat for every business, large or small.

In direct response to this threat, the UK HM Government began working with IASME (the Information Assurance for Small and Medium Enterprises consortium) and the ISF (the Information Security Forum) in June 2014 to develop “Cyber Essentials“, technical controls to be used by organisations to mitigate the risks associated with common Internet-based threats.

Most risk management business leaders agree. According to Willy Stoessel, Director of The Swiss Re Group, a Zurich-based risk-management insurance group, “The Cyber Essentials Scheme will positively impact the wider UK economy by raising the bar for opportunist attackers.”

What Cyber Essentials will also invaluably do is help bring UK businesses inline with the cyber security compliance requirements to meet the upcoming GDPR which will apply to the UK from 25th May 2018.

 

The Two Levels

The full Cyber Essentials scheme enables organisations to gain one of two levels of certification. By creating two options, organisations have a choice over the cost and level of their assurance.

 

cyber essentials level 1Cyber Essentials (Level 1)

This level requires the organisation to complete a self-assessment questionnaire.

Once completed, the responses are then to be independently reviewed by an external certifying body.

 

 

 

 

cyber essentials level 2Cyber Essentials PLUS (Level 2)

In addition to the requirements of Level 1, this level also requires that the organisation’s systems are tested using a range of tools and techniques.

While larger businesses may have the resources to effectively handle the majority of criminal activities over the Internet, smaller businesses can be at a disadvantage because of their more limited resources. Level 1 allows smaller firms in particular to protect themselves adequately while Level 2 adds additional testing procedures.

 

Both Cyber Essentials documents are provided free for downloading by any organisation and can immediately put them into place. However, once the organisation is certified, the Cyber Essentials badge can be displayed by the business effectively notifying customers, clients, partners, and other interested parties providing independent assurance that the organisation have the proper protections in place and take cyber security seriously. This not only boosts the organisation’s reputation but also provides a competitive selling point by showing that there have been independent assurance that the organisation has the protections in place correctly.

 

Stage Definitions

Stage 1 – Cyber Essentials (self-assessment)

  • This stage of certification provides a basic level of confidence allowing an organisation to have the basic skills necessary to respond appropriately to basic levels of attack.

 

  • At this stage, the scope must be declared in order to continue based on the required network boundaries, locations and management control.

 

  • The organisation then must identify the enterprise IT systems that it believes would be at risk from Internet-based threats or persons with low levels of technical capability.

 

  • The organisation must then declare its compliance with the Cyber Essentials requirements.

 

  • Once the declaration is signed by the organisation’s CEO or equivalent to endorse its accuracy, it is then sent to a Certification Body for verification and awarding of the certificate.

 

Stage 2 – Cyber Essentials (independently tested)

  • This stage contains all the parts of Cyber Essentials plus additional features.

 

  • At this stage, the implemented controls are tested against low-level Internet-based risks.

 

  • This stage tests both inside and outside vulnerabilities of the system.

 

  • Individual controls can be tested to make sure they have been implemented correctly or various attack scenarios can be created to determine if they compromise the system’s capabilities.

 

Cyber Essentials Plus offers a somewhat higher level of assurance by utilising an independent testing regime.

Organisations must re-certify once each year, or more frequently when required to meet specific customer or procurement requirements.

 

[c2a]

Share this:

Facebook
Twitter
LinkedIn
WhatsApp
Email
Print

Read more:

Mar04

Pulse Search and Selection Ltd

Eric, was truly amazing and very patient with me, I lost an excel sheet that I had spent many hours on and he found it and restored it for me. Nicola

Mar04

USnoop Ltd

Quick, helpful, solved the issue David

Mar04

Silva Timber Products Ltd

Quick, and extremely helpful service. Sarah

Mar04

Cairnpark Properties Ltd

We nearly always find that you sort out the problems quickly and we find yourselves very helpful. Keith

Jan29

Richard, Hashtags Etc – Hertfordshire

Often you come off the phone from a customer support helpline feeling “they don’t know anything, this is all bull” but I just came off the phone from Amazing Support feeling confident and happy that they know what the problem is, that the engineer has a solution in mind, that he is working on it, that he will keep me updated and that he will call me back. That’s what you want from a support company.

Jan29

Les, School I.D. – London

Amazing Support visited our office and attended to, in a professional way, all the IT jobs I had requested to have done. The support engineer answered all of the questions I had patiently. He was a very easy person to talk to, very much a people’s person. That is why Amazing Support are a really great IT company to work with.

Reliable IT support you can trust…

Amazing Support
Unit 15, The Hub
Elstree Aerodrome
Hogg Lane, Elstree
Hertfordshire WD6 3AW

Facebook Twitter Linkedin Youtube

Business Applications

IT Consultancy

Managed IT Services

Support Areas

IT Support

Cloud Solutions

Client Support

Legal

  • Amazing Support 2020

Designed and created by JohnLawley.co.uk | Powered by Brick Digital