Cyber Essentials Scheme
What is the Cyber Essentials Scheme?
Cyber Essentials is a Government-backed and industry-supported scheme to help businesses protect themselves against cyber threats.
As reliance on internet technologies increases, so do the opportunities for criminals and hackers to commit fraud, industrial espionage or the theft of intellectual property. Cyber Essentials defines a set of 5 key security controls which, when properly implemented, will better protect businesses – small and large – from attacks using software and techniques which are freely available on the open internet.
Why Should you Consider Cyber Essentials?
You can prevent many attacks, which use freely available software and techniques, by implementing the Cyber Essentials 5 controls.
You can identify areas for improvement, even if your company has a proven track record of good security, by going through the assessment.
Your business can display the Cyber Essentials badge and demonstrate that it takes cyber security seriously by adhering to a widely-endorsed standard.
Essentials or Essentials Plus?
There are 2 levels of certification, Essentials and Essentials Plus. Once an organisation completes Cyber Essentials, the Plus certification is granted if a successful assessment takes place within 3 months.
Level 1: Cyber Essentials
This basic level of certification is awarded on the basis of a completed self-assessment questionnaire, which is verified by us.
Level 2: Cyber Essentials Plus
This is a higher level of assurance, and you will work with Protos Networks to test that the 5 key controls covered by Cyber Essentials are working in practice with simulated hacking and phishing attacks.
Protos Networks is accredited by IASME to assess and certify against the Government’s Cyber Essentials scheme requirements. We offer consulting services to assist organisations in achieving Cyber Essentials or Cyber Essentials Plus certifications.
1. Boundary Firewalls and Gateways
Use devices designed to prevent unauthorised access to or from private networks.
2. Secure Configuration
Ensure that systems are configured in the most secure way for the needs of the organisation.
3. Access Control
Ensure only those who should have access to systems are provided access at an appropriate level.
4. Malware Protection
Ensure that virus and malware protection is installed and up to date.
5. Patch Management
Ensure the latest supported version of applications is used, and all patches and updates applied.
Cyber Essentials focuses on internet-originated attacks against an organisation’s IT systems. There are 5 key controls included in the assessment. When implemented, these 5 key controls can help defend your IT systems from the majority of internet-based cyber threats.
With our support, you will be able to effectively complete a cyber security risk assessment and assess your systems to meet the requirements of the Cyber Essentials accreditation. You will complete a self-assessment, signed off by a senior executive or officer of the organisation. This self-assessment will be independently verified by us. We will work with you to help you understand any identified weakenesses in your cyber security and provide solutions to assist you in mitigating these risks.
Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach. Once you have received your Cyber Essentials accreditation and carried out any work to mitigate identified risks, we will run a series of penetration tests and carefully managed attacks to test your controls.
Upon successful completion of either stage of the Cyber Essentials scheme, you will receive a certificate and be entitled to display the appropriate Cyber Essentials or Cyber Essentials Plus badge.