June 5th 2014
The Government has today announced the launch of a new scheme to guide organisations in protecting themselves against the most common cyber threats.
The scheme – known as Cyber Essentials – is free to download and can be used by any large or small business or other organisation as guidance to implement essential security controls, providing clarity on good basic cyber security practice. By focusing on basic cyber 'hygiene', companies will be better protected from the most common cyber threats.
The government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop the set of basic technical controls for organisations to apply.
The full scheme provides the means for organisations to gain one of two new Cyber Essentials badges: ‘Cyber Essentials’ and ‘Cyber Essentials PLUS'. Cyber Essentials requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body. Under Cyber Essentials PLUS, independent tests of the systems are carried out by an external certifying body using a range of tools and techniques.
The scheme is backed by industry bodie such as the Federation of Small Businesses (FSB) and Conferderation of British Industry (CBI) as well as a number of insurance organisations which are offering incentives for businesses. According to the government, a number of businesses are planning to adopt the scheme, including Barclays, KMPG, BAE Systems, HP and Linklaters, as well as various small businesses such as Nexor, Tier 3 and Skyscape.
There are three documents available to download:
– The Cyber Essentials Summary document provides the background to the scheme and questions and answers about how it works.
– The Cyber Essentials Requirements document sets out the necessary technical controls
– The Cyber Essentials Assurance Framework sets out how the independent assurance process works and the different levels of assessment organisations can apply for to achieve the badges. It also contains guidance for security professionals carrying out the assessments.
From 1 October, the government will require all suppliers bidding for certain ICT and sensitive and personal information handling contracts to be certified against the scheme.
The new scheme is part of the National Cyber Security Programme.
Information can also be accessed at www.cyberstreetwise.com/cyberessentials