Cyber Essentials is a standard developed by the UK government in collaboration with industry partners and is managed by the National Cyber Security Centre. The standard sets a baseline of fundamental cyber security controls that organisations need to apply in order to be certified. The purpose of the standard is to help organisations protect themselves from hacking, phishing and password guessing.
The standard is split into five technical control areas:
- Secure configuration
- User access control
- Malware protection
- Patch management
Before any work is carried out, you must first assess what is in scope for the certification. It is strongly suggested that your entire IT infrastructure is placed in scope. This ensures that essential security is applied across your entire environment without leaving any gaps. The scope must be agreed between you and the certification body before the assessment is carried out.
The basic Cyber Essentials process can be done as a self-assessment submitted to a certification body, followed by a vulnerability test of your external-facing presence. Cyber Essentials Plus requires the same standards to be met, but is certified through an audit and internal testing by a certification body. There are a variety of certification bodies, which should all test to the same standard. However, there are some minor differences between them, so you should first ask yourself if there is a specific need to achieve one certification over another.