Background
Ann Barron from Securious Ltd is a Security Consultant, as well as a CE and CE Plus assessor. At this month’s SWCSC Networking Meeting, Ann delivered a talk on Cyber Essentials and the latest update of the scheme.
Cyber Essentials
- Provides organisations with an opportunity to protect their security by meeting the 5 technical controls (secure configuration, patch management, boundary firewalls and internet gateways, access control, malware protection)
- Benefits:
  - Reassures clients
  - Attracts new business
  - Free cyber liability insurance
  - Certified organisations are listed on the NCSC directory of businesses that have CE
- Cyber Essentials is an online questionnaire; an assessor then checks whether you meet the requirements. If the requirements are met, a certificate, badge and report are issued. Organisations need to pass before going on to CE Plus
- CE Plus involves external and internal vulnerability assessment scans, desktop audits, and malware tests on email accounts and browsers
What’s new?
- Some clients are sole traders and work from home (WFH), so the question set needs to fit all instances. Some questions trip clients up (for example, "why do I need to list ALL applications?"), and CE assessors sometimes have to go back to IASME to double-check. Some thoughts and questions are fed back to IASME, which then provides a revised question set to suit them
- Many questions have been reworded (to suit home workers)
- The "Cyber Essentials Requirements for IT Infrastructure" document must be read before you embark on the CE assessment
- Additional questions – not a bad thing at all
- Section 6 has changed the most: instead of being asked for ALL applications, you now just need to provide information on Internet Browsers, Malware Protection, Email Applications and Office Applications. These are separated into different sub-sections to help clients, which makes the section more user-friendly
- Question sets will be revised twice a year
Find out more about the NCSC’s Cyber Essentials Scheme here