According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting businesses in the UK could have been prevented by the implementation of some basic security controls.
To help organizations adopt good practices in information security, the UK government released a government-endorsed certification scheme called Cyber Essentials in 2014.
What is the Cyber Essentials Certification?
Run by the National Cyber Security Centre (NCSC), Cyber Essentials was developed in collaboration with industry partners such as the Information Security Forum, the Information Assurance for Small and Medium Enterprises Consortium, and the British Standards Institution.
On a very basic level, the goal of the certification is to protect the confidentiality, integrity and availability of company information from internet threats. However, it is important to note that Cyber Essentials is a basic level of due diligence from which to build on and not a comprehensive cybersecurity strategy. There are two types of certifications: Cyber Essentials and Cyber Essentials Plus.
The Cyber Essentials scheme addresses the most common Internet-based threats to cybersecurity — particularly, attacks that use widely available tools and demand little skill. The scheme considers these threats to be hacking, phishing, and password guessing.
What are the Benefits of Being Certified?
By achieving the certification, your business shows its commitment to cyber security. Your suppliers, partners and clients feel more confident in sharing data with you. If you are tendering for government projects, you must have Cyber Essentials. Some of the MoD projects and Local Authorities are asking for a minimum of Cyber Essentials Plus.
What are the Five Technical Controls?
Cyber Essentials tests the following 5 areas of your IT infrastructure:
Firewalls: Use of either personal, built-in or dedicated boundary firewalls to secure the Internet connection.
Secure Configurations (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Neil Harvey. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-essentials-certification-help-business/