Affordable | Achievable | Relevant
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security, and through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. Click here for the Cabinet Office procurement rules.
ProSec2 policies now include all the controls needed to achieve CE accreditation.
Addressing the Threat
Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online.
Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, Government believes that action should begin with a core set of security controls which all organisations – large and small – should implement. Cyber Essentials defines what these controls are.
Contact us to order your ProSec2 package.
We will arrange a date for your initial preparation meeting with a ProSec2 security consultant.
If you have any queries about the ProSec2 service please use the form to the right.
The Scheme Requirements Document focuses on Internet-originated attacks against an organisation’s IT system. Many organisations will have particular additional services, e.g. web applications, that will require additional and specific controls beyond those provided by Cyber Essentials. Cyber Essentials concentrates on five key controls. These are:
1. Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.
2. Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation
3. Access control – Ensuring only those who should have access to systems to have access and at the appropriate level.
4. Malware protection – ensuring that virus and malware protection is installed and is it up to date
5. Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied.
WHITE LABEL SERVICE
Become an APA (Accrediated ProSec2 Advisor) and offer the ProSec2 service to your own clients
CYBER ESSENTIALS CHECKLIST