Part 2 of 3. This is the second in a series of blog articles where Ascentor discuss some of the recent UK Government Information Assurance changes – and what they mean for you.
Written to be concise, they explain the essential “need to know” facts and implications with links to read further should you wish.
In part 2 of the series, we look at:
- Cyber Essentials
- The Cyber Security Model (CSM) of the Defence Cyber Protection Partnership (DCPP)
- The new PSN Compliance process
Cyber Essentials
What’s changed?
Cyber Essentials is seen as the “organisational standard” for all UK businesses and organisations that want to mitigate basic cyber risks. Launched in June 2014 and developed by government and industry, it offers two relatively low-cost levels of certification – Cyber Essentials and Cyber Essentials Plus.
The Government’s summary paper on the Cyber Essentials scheme describes it as: “A set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online.”
Cyber Essentials concentrates on five key controls relating to the CESG “10 Steps to Cyber Security” published in 2012. These controls were identified by the government as those that, if they had been in place, would have stopped the majority of the successful cyber attacks over the last few years.
Why do you need to know?
It’s not just the large organisations that are at risk from cyber attack. If you are in business and online, you are a target. Implementing Cyber Essentials will provide measures to reduce your vulnerability to a cyber security attack.
There’s also a potential legal requirement. If you are an organisation bidding for public sector contracts involving access to government information – in some cases Cyber Essentials certification has been mandatory since October 1st 2014.
But, you can also steal a march on your competition. Cyber Essentials certification will demonstrate your cyber resilience and level of compliance to customers.
A word of caution. While Cyber Essentials is a positive step towards better security, it is important to recognise that certification is only an audit and “snapshot” of your cyber security capability – at the time of assessment. Consequently, it shouldn’t be seen as evidence of ongoing cyber security effectiveness.
How do you get further information?
The Ascentor website has a dedicated Cyber Essentials page with details of the different levels and how we can support you to ensure you meet this security management standard.
Cyber Streetwise: The Government’s official Cyber Essentials site.
For more information:
If you have found this article interesting, the Ascentor blog regularly carries articles about cyber security and information assurance issues. You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.
If you’d like to discuss how our consultants could advise on any aspect of cyber security, please contact Dave James at Ascentor.
