Many types of cyber attacks are performed; however, the great majority are carried out by people with little or no technical expertise. On the internet, these people are like a thief who gets into your house through an open front door. Cyber Essentials is aimed at protecting you from these kinds of attacks.
We are accredited by IASME to assess and certify organisations under the National Cyber Security Centre Cyber Essentials scheme. Our methodology meets the requirements of this scheme.
It is possible to become certified in two ways:
A wide range of the most prevalent cyber threats can be prevented using the self-assessment option.
- Peace of mind – Cyber Essentials certification ensures that your defences will protect against most typical cyber attacks, because the bulk of these attacks look for targets that do not have the Cyber Essentials technical controls in place.
- Preventing cyber incidents – Cyber Essentials instructs you on how to guard against the most frequent types of cyberattacks.
An additional layer of protection is included in Cyber Essentials Plus.
Cyber Essentials Plus
Cyber Essentials Plus retains the simplicity of the Cyber Essentials approach, but a hands-on technical verification by one of our experienced assessors is required for the Cyber Essentials Plus certification to ensure that the declared controls have been implemented.
What are the benefits of Cyber Essentials to my business?
Cyber Essentials provides your business with security that has been independently verified. This allows you to:
- Assure your clients that you are taking steps to protect your IT system from a cyber attack.
- Bring in new business by promising that you have implemented cyber security measures.
- Have a clear picture of your company’s cyber security. Cyber Essentials certification is required for several government contracts.
What is reviewed during Cyber Essentials and Cyber Essentials Plus assessments?
The scope for Cyber Essentials and Cyber Essentials Plus assessments is the same. Both assessments include a self-assessment form that you complete. In addition, the Cyber Essentials Plus assessment entails an audit by our experienced assessors to ensure that the declared controls are implemented on your organisation’s network.
Documentation and Process Audit
Client policies and processes are reviewed to assess whether key technical controls are in place for:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
External Infrastructure Scans
An unauthenticated vulnerability scan supplemented by web application scanning. Scored using CVSSv3 and OWASP.
Manual testing to assess password strength.
An authenticated scan of a sample of devices, including workstations, tablets and mobile devices, to assess firmware, OS and third-party software, including patch levels and antivirus.
Testing of malware protection provided by web browsers and email clients.
Web Application Testing
Web application attacks range in size and complexity, from the exploitation of vulnerable open source components, to app-specific attacks which take advantage of user controls. Internal web applications are at risk too, from disgruntled or malicious users who may find loopholes and use their position to wreak havoc.
If you develop a software product or service, are you confident that it’s as secure as it can be? Your clients rely on you to keep their data secure, so if you’ve not had your product or service independently assessed, your reputation is at risk if a vulnerability is discovered.