Cyber Essentials is a UK government and industry backed scheme, launched in 2014, which describes a baseline set of five mandatory controls for businesses and organisations to adopt. Together these controls give them a cyber security baseline applicable to all market sectors. Implementation of these controls can reduce the risk of many common cyber attack techniques.
The process by which businesses and organisations obtain Cyber Essentials certification is very straightforward and is illustrated in the diagram below.
Initially the organisation defines the Cyber Essentials scope and, once this is identified, completes an online questionnaire answering a variety of questions relating to its IT systems. Some organisations choose to do this part of the process entirely themselves; others are assisted by qualified Information Assurance professionals. Once completed, the answers are verified by an approved Certification Body such as Layer 7 IT Security and, if the required standard has been met, Cyber Essentials certification is awarded.
Cyber Essentials Plus provides a higher level of assurance via independent testing by an approved Certification Body authorised to conduct CE Plus assessments. Layer 7 IT Security have been approved since the launch of Cyber Essentials in 2014. External and internal technical security assessments are carried out against the organisation's IT systems which were included within the initial Cyber Essentials scope. A full detailed report is provided to the organisation, identifying any areas of concern and remediation activities. An organisation successfully passing the technical testing is awarded the Cyber Essentials Plus certification.
Cyber Essentials focuses on Internet-originated attacks against an organisation’s IT system. For some organisations which have additional services, for example web applications, further controls in addition to those specified by Cyber Essentials may be required. Cyber Essentials concentrates on five key controls,