The Cyber Essentials Scheme
Recognising that not all organisations have the necessary resources to address the business-critical issue of cyber security, the UK Government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to achieve a baseline of cyber security, and against which they can achieve certification to prove their credentials.
If you are completely new to the Cyber Essentials scheme, we recommend you purchase Cyber Essentials – A Pocket Guide.
What is the Cyber Essentials scheme?
The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Strategy/Cyber Programme. Realising that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013 it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme: a set of controls and implementation guidance for basic cyber hygiene, against which organisations can achieve different levels of certification. Organisations can use certification to demonstrate to their customers and business partners that industry-minimum cyber security measures are in place, and as evidence to validate the organisation’s security posture. The scheme was released on 7 April 2014 and officially launched on 5 June 2014.
From 1 October 2014, the UK Government has required organisations to prove their compliance with the scheme in order to bid for government contracts that involve the handling of sensitive and personal information, and the provision of certain technical products and services.
Benefits of certification
Certification provides numerous benefits, including the opportunity to tender for business where certification to the scheme may be a prerequisite, reduced insurance premiums, and improved investor and customer confidence.
“Business leaders will benefit from the access to helpful and authoritative cyber security guidance. Encouraging firms to adopt this scheme is a positive step towards greater awareness of cyber security and more widespread action to manage the risks.”
John Cridland, Director General of the CBI
The Cyber Essentials scheme addresses:
the level and different types of cyber threat
vulnerabilities, weaknesses and exploits
cyber incidents and their local and national impacts.
The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he 'supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it'.
The Cyber Essentials scheme covers five key areas
The scheme is derived from the 10 Steps to Cyber Security, particularly five key aspects relating to ISO27001:
Secure configuration
Implementing the security measures required when building and installing computers and network devices to reduce unnecessary vulnerabilities.
Boundary firewalls and Internet gateways
Providing a basic level of protection where an organisation connects to the Internet.
Access control and administrative privilege management
Protecting user accounts and helping prevent misuse of privileged accounts.
Patch management
Keeping the software used on computers and network devices up to date and resisting low-level cyber attacks.
Malware protection
Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software and ransomware), with options for malware removal, to protect your computer, your privacy and your important documents from attack.
IT Governance offers three unique solutions to certification that will enable you to achieve certification to either Cyber Essentials or Cyber Essentials Plus cost-effectively and easily.