Cyber Security a Real Concern
Cyber security is big news gloabally. News feeds regularly feature companies that have had an event of some kind. It may be lost data, lost credit cards or an outage of their service. It is now hitting the board room as a relevant issue of modern business.
Cyber in the UK
In the UK this is just as revelant and now the issue is being taken up by the UK Government. The UK Government is launching a new scheme. The aim is to try and simplify the topic and make it easier for business to implement good security controls. security and risk management course
Introducing the Cyber Essentials Scheme
The Cyber Essentials Scheme consists of five key areas. It is intended to “provide a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats.”
The Five Areas Covered
- Boundary firewalls and internet gateways
These are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.
- Secure configuration
Ensuring that systems are configured in the most secure way for the needs of the organisation.
- Access control
Ensuring only those who should have access to systems to have access and at the appropriate level.
- Malware protection
Ensuring that virus and malware protection is installed and is it up to date.
- Patch management
Ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied.
The Government is looking to organisations to demonstrate they have the basic, good practice principals in place and will expect them to demonstrate this through an accredited process.
Where does ISO27001 (Information Security Standard) Fit In?
The official site states “The first stage in the certification process is to decide which level to certify against – Cyber Essentials or Cyber Essentials Plus. Although there are only two certifications to consider now, an organisation should be aware that future levels are planned, with an aim to further entrench the scheme into an organisation’s over-arching approach to information risk management, such as ISO 27001 and in accordance with the 10 Steps to Cyber Security”
If you are already ISO27001 certified or working towards this standard then you are already doing much of what is needed in the ‘Cyber Essentials Scheme’. But for those businesses who are struggling with the topic or need a baseline to start from, the scheme offers a simple first step.