Cyber Essentials
A key part of the UK’s National Cyber Security Programme, Cyber Essentials has been designed to meet two objectives:
- Provide a clear guide on the basic controls that should be implemented to mitigate risk
- Provide evidence that businesses can use to demonstrate to clients, investors, insurers and others that the essential precautions have been taken.
Why choose Cyber Essentials?
- It covers the basics of cyber security and can be readily implemented across businesses of any size.
- The UK Government states that around 80% of cyber attacks could be prevented if businesses put simple cyber security controls in place.
- It’s not just for one sector. It is relevant to the private sector, universities, charities and the public sector.
- It’s a great tool for businesses to gain clarity on their current security state and implement better controls.
- It is now mandatory for any business bidding for Government contracts, demonstrating that it’s not just a trend: it’s gaining momentum rapidly.
What does it assess?
This scheme is focused on Internet-originated attacks and is centered on the 5 most important technical controls – boundary firewalls & Internet gateways, secure configuration, access control, malware protection and patch management.
Certificate options
There are two levels of Cyber Essentials – Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is the entry-level certification: the organisation must complete the questionnaire (based on the 5 technical controls) and pass it to an approved body for endorsement.
Cyber Essentials Plus requires the business to achieve everything in the entry-level certification and then carry out additional internal and external vulnerability testing.
The process
Useful links
Cyber Essentials Scheme: Summary
Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks
Cyber Essentials Scheme: Assurance Framework