GET QUOTE

Achieving HM Cyber Essentials through Self-Assessment – Part 1

Part 1 – The Cyber Essential Levels

Cyber crime continues to pose a valid and growing threat for every business, large or small.

In direct response to this threat, the UK HM Government began working with IASME (the Information Assurance for Small and Medium Enterprises consortium) and the ISF (the Information Security Forum) in June 2014 to develop “Cyber Essentials“, technical controls to be used by organisations to mitigate the risks associated with common Internet-based threats.

Most risk management business leaders agree. According to Willy Stoessel, Director of The Swiss Re Group, a Zurich-based risk-management insurance group, “The Cyber Essentials Scheme will positively impact the wider UK economy by raising the bar for opportunist attackers.”

What Cyber Essentials will also invaluably do is help bring UK businesses inline with the cyber security compliance requirements to meet the upcoming GDPR which will apply to the UK from 25th May 2018.

 

The Two Levels

The full Cyber Essentials scheme enables organisations to gain one of two levels of certification. By creating two options, organisations have a choice over the cost and level of their assurance.

 

cyber essentials level 1Cyber Essentials (Level 1)

This level requires the organisation to complete a self-assessment questionnaire.

Once completed, the responses are then to be independently reviewed by an external certifying body.

 

 

 

 

cyber essentials level 2Cyber Essentials PLUS (Level 2)

In addition to the requirements of Level 1, this level also requires that the organisation’s systems are tested using a range of tools and techniques.

While larger businesses may have the resources to effectively handle the majority of criminal activities over the Internet, smaller businesses can be at a disadvantage because of their more limited resources. Level 1 allows smaller firms in particular to protect themselves adequately while Level 2 adds additional testing procedures.

 

Both Cyber Essentials documents are provided free for downloading by any organisation and can immediately put them into place. However, once the organisation is certified, the Cyber Essentials badge can be displayed by the business effectively notifying customers, clients, partners, and other interested parties providing independent assurance that the organisation have the proper protections in place and take cyber security seriously. This not only boosts the organisation’s reputation but also provides a competitive selling point by showing that there have been independent assurance that the organisation has the protections in place correctly.

 

Stage Definitions

Stage 1 – Cyber Essentials (self-assessment)

  • This stage of certification provides a basic level of confidence allowing an organisation to have the basic skills necessary to respond appropriately to basic levels of attack.

 

  • At this stage, the scope must be declared in order to continue based on the required network boundaries, locations and management control.

 

  • The organisation then must identify the enterprise IT systems that it believes would be at risk from Internet-based threats or persons with low levels of technical capability.

 

  • The organisation must then declare its compliance with the Cyber Essentials requirements.

 

  • Once the declaration is signed by the organisation’s CEO or equivalent to endorse its accuracy, it is then sent to a Certification Body for verification and awarding of the certificate.

 

Stage 2 – Cyber Essentials (independently tested)

  • This stage contains all the parts of Cyber Essentials plus additional features.

 

  • At this stage, the implemented controls are tested against low-level Internet-based risks.

 

  • This stage tests both inside and outside vulnerabilities of the system.

 

  • Individual controls can be tested to make sure they have been implemented correctly or various attack scenarios can be created to determine if they compromise the system’s capabilities.

 

Cyber Essentials Plus offers a somewhat higher level of assurance by utilising an independent testing regime.

Organisations must re-certify once each year, or more frequently when required to meet specific customer or procurement requirements.

 

[c2a]

Share this:

Facebook
Twitter
LinkedIn
WhatsApp
Email
Print

Read more:

Apr02

Paul Isaacs – Generator Group

Proud of my team Generator Group of Companies this week who rose to the challenge. We were ready thanks to Amazing Support for remote working with everything already being in the cloud and accessible to us all

Apr02

Dawn Spear – Resolve Corporate

As a very new customer to you we are so pleased that we have chosen AS as our IT protection Company – cant wait to get the server up and running.

Apr02

Andy Stern – Analytica Media

Despite increased demand our issue was dealt with swiftly and well.

Apr02

Krishna Ruparelia

Thanks Jamie to you and the team at Amazing Support for an IT setup that allows us to effortlessly WFH (work from home)

Apr02

Steven Jones – Spotlite Claims

Many thanks Aaron. You have been quite brilliant as ever throughout this process. Can’t thank you enough!

Mar04

Pulse Search and Selection Ltd

Eric, was truly amazing and very patient with me, I lost an excel sheet that I had spent many hours on and he found it and restored it for me. Nicola

Reliable IT support you can trust…

Amazing Support
Unit 15, The Hub
Elstree Aerodrome
Hogg Lane, Elstree
Hertfordshire WD6 3AW

Facebook Twitter Linkedin Youtube

Business Applications

IT Consultancy

Managed IT Services

Support Areas

IT Support

Cloud Solutions

Client Support

Legal

  • Amazing Support 2020

Designed and created by JohnLawley.co.uk | Powered by Brick Digital