CYBER ESSENTIALS & CYBER ESSENTIALS PLUS
Achieve Your Cyber Essentials Certification
Cyber Essentials for UK Businesses
Cyber Essentials helps guard your business from the most common cyber threats and demonstrate the commitment you have towards cyber security. It is a certification program focused on basic cyber security controls that was created by the UK government’s National Cyber Security Centre and the Information Assurance for Small and Medium Enterprises (IASME) consortium.
The key things to know about Cyber Essentials are:
It specifies a core set of technical controls around five key areas: firewalls, secure configuration, access control, malware protection, and patch management. Businesses must demonstrate they have implemented controls in each area in order to be certified.
The controls defined represent IT security best practices that are simple and inexpensive for most businesses to implement, yet provide protection against the most common cyber attacks.
Once the certification has been achieved, it must be renewed annually, providing an incentive for companies to stay on top of maintaining their defences.
Cyber Essentials has tiers of certification that require different levels of robustness and types of assessments by accredited external auditors. Cyber Essentials Plus is discussed in the next section.
The program represents a cost-effective starting point for cyber security. While more advanced certifications like ISO 27001 might be overkill for many SMEs, Cyber Essentials provides a strong baseline aligned to common cyber threats.
Cyber Essentials Plus for UK Businesses
Cyber Essentials Plus certification builds on the core Cyber Essentials requirements by adding elements focused on more rigorous verification and ongoing compliance.
The key additions in Cyber Essentials Plus include:
External Verification
Cyber Essentials only requires a self-assessment questionnaire. But for Cyber Essentials Plus, an independent external IT security professional must audit the implementation of technical controls through validation testing and examination of policies and procedures.
Assurance Framework
Businesses must develop a framework explaining how they will maintain compliance with Cyber Essentials controls on an ongoing basis across changes to systems, employees, offices, etc.
Simulation Testing
As well as testing the current efficacy of controls, external auditors must simulate real-world cyber attack scenarios to evaluate whether the company’s security posture stands up to threats.
Ongoing Audits
Certification must be renewed annually, including an onsite audit, ensuring security provisions do not weaken over time. Audits ensure that as the threat landscape changes, controls are kept up to date.
Cyber Insurance
£25K of cyber insurance coverage is included to support incident response and recovery costs in the aftermath of a breach.
The extra rigor, testing, and auditing required for Cyber Essentials Plus aim to provide increased confidence in a company’s cyber security measures. The ongoing auditing and simulation testing focus on cyber resilience – the ability to both resist attacks and recover normal operations quickly. Together, these additions result in a more comprehensive and externally validated defence against cyber threats.
PHONE: 01223 921 300
EMAIL: ask@cambridgeitsecurity.com
ADDRESS: St Andrews Castle, 33 St Andrew’s Street S, Bury Saint Edmunds, IP33 3PH