Cyber Essentials Update

Background

Ann Barron from Securious Ltd is a Security Consultant – as well as a CE and CE Plus assessor.  On this month’s SWCSC Networking Meeting, Ann delivered a talk on Cyber Essentials and the latest update of the scheme.

Cyber Essentials

  • Provides organisations with an opportunity that protects their security against the 5 technical controls (secure configuration, patch management, boundary firewalls and internet gateways, access control, malware protection)
  • Benefits
    • Reassures clients
    • Attracts new business
    • Free cyber liability insurance
    • Certified organisations are listed on the NCSC directory of businesses who have CE
  • Cyber Essentials is an online questionnaire, then an assessor will check to see if you meet the requirements. If requirements are met, a certificate, badge and report is issued. Organisations will need to pass before going onto CE Plus
  • CE Plus involves external and internal vulnerability assessment scans on desktop audits and malware tests on email accounts and browsers

What’s new?

  • Some clients are sole traders and WFH – need to fit all instances since some questions trip clients up and sometimes CE assessors have to go back to IASME to double check – why do I need to list ALL applications? Some thoughts and q’s are fed back to IASME and then receive a re-vised question set to suit them
  • Many questions have been re-worded (to suit home workers)
  • Cyber Essentials Requirements for IT Infrastructure document must be read before you embark on the CE assessment
  • Additional questions – not a bad thing at all
  • Section 6 has changed the most – from asking for ALL applications, you now just need to provide information on: Internet Browsers, Malware Protection, Email Applications, Office Applications and these are all separated into different sub-sections to help clients and this makes it more user-friendly
  • Question sets will be revised twice a year

Find out more about the NCSC’s Cyber Essentials Scheme here