Cyber Becomes Essential – Cyber Essentials

Cyber Security a Real Concern

Cyber security is big news globally. News feeds regularly feature companies that have had an event of some kind. It may be lost data, lost credit cards or an outage of their service. It is now reaching the boardroom as a relevant issue for modern business.

Cyber in the UK

In the UK this is just as relevant, and the issue is now being taken up by the UK Government, which is launching a new scheme. The aim is to simplify the topic and make it easier for businesses to implement good security controls.

Introducing the Cyber Essentials Scheme

The Cyber Essentials Scheme consists of five key areas. It is intended to “provide a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats.”

The Five Areas Covered

 

  • Boundary firewalls and internet gateways

 

These are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices, whether in hardware or software form, is important for them to be fully effective.

  • Secure configuration

 

Ensuring that systems are configured in the most secure way for the needs of the organisation.

  • Access control

 

Ensuring that only those who should have access to systems have access, and at the appropriate level.

  • Malware protection

 

Ensuring that virus and malware protection is installed and is up to date.

  • Patch management

 

Ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.

Assurance Framework

The Government is looking to organisations to demonstrate they have the basic, good practice principles in place and will expect them to demonstrate this through an accredited process.

Where does ISO27001 (Information Security Standard) Fit In?

The official site states “The first stage in the certification process is to decide which level to certify against – Cyber Essentials or Cyber Essentials Plus. Although there are only two certifications to consider now, an organisation should be aware that future levels are planned, with an aim to further entrench the scheme into an organisation’s over-arching approach to information risk management, such as ISO 27001 and in accordance with the 10 Steps to Cyber Security”

If you are already ISO27001 certified or working towards this standard then you are already doing much of what is needed in the ‘Cyber Essentials Scheme’. But for those businesses who are struggling with the topic or need a baseline to start from, the scheme offers a simple first step.

 
