What is Cyber Essentials

Cyber Essentials Basic – Self Assessment

A multiple-choice self-assessment questionnaire covering the 5 core elements of the Cyber Essentials Scheme that all organisations should adhere to (see below for further details):

  1. Using a firewall to secure your Internet connection
  2. Choosing the most secure settings for your devices and software
  3. Controlling who has access to your data and services
  4. Protecting yourself from viruses and other malware
  5. Keeping your devices and software up to date

Cyber Essentials Plus – Audited

In this part of the Cyber Essentials scheme, if you choose to gain certification for it, your systems as defined in the Cyber Essentials Self Assessment are audited to prove that the defenses are active and effective. Each layer of defense is tested, giving you, the business owner, and your current and future clients confidence that you take cyber security seriously by verifying it is working. Unlike typical vulnerability testing, the Cyber Essentials Plus audit tests the defense mechanisms used by businesses rather than just looking for vulnerabilities to exploit.

Cyber Essentials Plus works alongside ISO 27001, proving that the information security management controls are working.

CyberAggress (Aggress Ltd) is the only IASME Cyber Essentials Certification body to provide Cyber Essentials Plus in Western Scotland.

I want Cyber Essentials

Extras

  1. Cyber Essentials Plus – Pre-Assessment – gap analysis prior to audit – £POA
  2. Add-on IASME GDPR questions that can be used to show compliance with core areas of GDPR – £100 + VAT
  3. Add-on IASME Governance Standard self-assessment for an additional £150 + VAT
  4. Full IASME Governance Standard audited assessment – £POA

What’s in it for me?

  • Competitive advantage
  • Win contracts over those that don’t have it
  • If you deal with Government/local authority contracts, it is now mandatory for many
  • Reduce your risk, save money on your insurance premium
  • Free Cyber insurance for one year**
  • Show due care and active risk management ready for GDPR (General Data Protection Regulation)
  • Avoid or reduce the impact of a breach, reduce the cost to recover, reduce the fine the ICO could hit you with
  • Established minimum standard
  • Best practice with many official bodies (accountants, lawyers, estate agents…)
  • According to the Cyber Security Breaches Survey 2017, 46% of all UK businesses have identified at least 1 security breach in the last 12 months (2016-2017) (https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017)
  • Only half of all firms (52%) have enacted ‘basic’ technical controls across the five areas laid out under the Government-endorsed Cyber Essentials Scheme
  • This means that 48% of businesses still do not have the basic protection in place or have not formalised their approaches to cyber security
  • Crypto-ransom is a multi-billion dollar industry; Cyber Essentials reduces your business’s risk of being a victim
  • 72% of cases where firms identified a breach or attack are related to staff receiving fraudulent emails (phishing)
  • 33% of cases are related to viruses, spyware and malware (hacking)
  • 27% of cases are related to people impersonating the organisation in emails or online (hacking/phishing)
  • 17% of cases are related to ransomware (hacking/phishing)
  • Cyber Essentials will directly mitigate 80% of commodity hacking or phishing attempts
  • Gaining certification and actively practising good cyber security housekeeping can significantly reduce the risk of most common cyber attacks, and shows a level of risk management as required by GDPR/Data Protection Law.
  • Cyber Essentials is mandatory for Central Government contracts; some require Cyber Essentials Plus as a minimum, in addition to ISO 27001
  • Cyber Essentials is backed by the UK and Scottish Governments.

How do I get it?

  1. Call 01292 811 811 or email us at cyberessentials@aggress.co.uk
  2. We will discuss your needs and timelines
  3. From here you will either:
    1. complete the online submission through our portal and get certified on meeting the requirements
    2. or, for basic, have a walk/talk-through with our certified assessor via phone and email over a total of 2 to 4 hours of support (depending on your location, the assessor may visit), who will help you determine where you are and where you need to be to meet the Cyber Essentials requirements. When you and the assessor are happy, you can formally submit through our portal.
    3. where Cyber Essentials Plus is required, a scoping exercise will ensure good coverage and efficient testing take place, expediting the process.

*all prices are plus VAT
**details of the insurance policy available on request

Background to Cyber Essentials

The Cyber Essentials Scheme was set up by the UK government in 2014 and is now a worldwide recognised baseline standard for IT security. At its core it covers 5 areas of IT and IT security controls. The scheme focuses on preventing attacks originating from the internet aimed at a business’s IT infrastructure. These attacks range from the network boundary (connection to your broadband) to the end device (PC/laptop/server/smartphone etc.).

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of business can implement and potentially build upon. Implementing these measures can significantly reduce your business’s vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence businesses facing these threats will need to implement additional measures as part of their security strategy.

What Cyber Essentials does do is define a focused set of controls which will provide cost-effective, basic cyber security for all sizes of business. With Cyber Essentials you get a choice over the level of assurance you wish to gain (basic/plus) and the cost of doing so.

It is important to recognise that certification only provides a snapshot of the cyber security practices of the business at the time of assessment. Maintaining a robust cyber security stance requires additional measures such as a sound risk management approach, as well as on-going updates to the Cyber Essentials control themes, such as patching.

It offers the right balance between providing additional assurance of a business’s commitment to implementing cyber security to third parties, while retaining a simple and low-cost mechanism for doing so.