Cyber Essentials - HM Government launch new security award scheme
The Rt Hon David Willetts MP, Minister of State at the Department for Business, Innovation & Skills launched a new set of standards aimed at helping organisations i) to reduce their vulnerability to cyber threats; and ii) to demonstrate that the organisation takes seriously the safeguarding of information.
The scheme is aimed at all businesses and not-for-profit organisations and to reflect the differing security risks of organisations there are two levels of award, namely, Cyber Essentials and Cyber Essentials Plus. The former award has a self-certifying approach requiring the Chief Executive Officer to declare that the organisation meets the requirements of the standard. The declaration will be sent to a certification body for verification and providing sufficient confidence exists in the implementation of the necessary controls, a certificate will be issued.
The Cyber Essentials Plus award requires independent testing of the organisations security controls. The testing required will establish the effectiveness of the controls implemented by using vulnerability and penetration tests. The Plus award offers a higher level of assurance to interested parties and the organisation will need to make a judgment as to which award level best suits the organisation.
The requirements of both levels of the scheme centre on the full implementation of controls under the following, selected categories: -
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Adoption of the controls is clearly best practice for any organisation and although the scheme is voluntary the Government has stated that as from 1st October 2014 certain public sector contracts will only be awarded to suppliers who have adopted the Cyber Essentials scheme and gained the award. It is envisaged that many other parties will begin to expect organisations to have gained the award such as insurance companies, regulatory bodies and larger corporates.
Further details of the scheme can be found athttps://www.gov.uk/government/publications/cyber-essentials-scheme-overview
Yellowspring has been involved in the development of the Scheme and is already able to assist organisations who wish to work towards gaining either of the awards. For more information please contact Maria West on 01268 494101 or email firstname.lastname@example.org.