Cyber Essentials Assessment
What is a Cyber Essentials Assessment?
Cyber Essentials is a government-backed scheme that helps safeguard your organisation against some of the most common security risks, and provides you and your clients with a level of assurance that your systems are protected.
Get certified in 3 easy steps
Complete a simple online questionnaire.
Schedule your vulnerability scan.
If everything is a pass we'll send your certificate.
The Difference Between Cyber Essentials (CE) and Cyber Essentials Plus (CE+)
The Cyber Essentials scheme aims to assess your organisation against a number of categories to ensure you are meeting a baseline security standard for policies, procedures and configurations. The assessment also includes security testing against a range of common and automated threats which may target your publicly accessible systems. The Cyber Essentials PLUS scheme expands upon the Cyber Essentials scheme by incorporating an onsite assessment of a number of your key systems which are used on a day-to-day basis.
| | CE | CE+ |
|---|---|---|
| Simple Online Questionnaire | ✓ | ✓ |
| External Infrastructure Vulnerability Scan | ✓ | ✓ |
| External Application Vulnerability Scan | ✓ | ✓ |
| External Access Control Assessment | ✓ | ✓ |
| Access Permissions Review | | ✓ |
| Email Controls Review | | ✓ |
| Web Controls Review | | ✓ |
| Mobile Device Review | | ✓ |
Why Conduct A Cyber Essentials Assessment?
A large number of security incidents are the result of common attack vectors and automated exploit tools. Cyber Essentials is a government-backed scheme designed to assess your organisation against a number of these common attack techniques. It provides an industry-recognised security standard which can give your clients a level of assurance that you manage and maintain your data and systems securely.
The assessment has also become a requirement for those organisations wishing to bid for central government contracts which involve sensitive or personal data or the provision of technical products and services.
The Five Security Controls of Cyber Essentials
The Cyber Essentials scheme breaks down into two certifications, each of which assesses your organisation's policies, configurations and devices against a number of security standards to ensure your systems are safeguarded against the following categories.
A boundary firewall is a network device which can restrict the inbound and outbound network traffic to a network. It can help protect against cyber attacks by implementing restrictions which can allow or block traffic according to its source, destination and type of communication protocol.
Computers and network devices are not always secure in their default configurations. Standard, out-of-the-box configurations often include a variety of weak points that attackers can easily abuse. A secure configuration is essential to basic network security.
Every active user account in your organisation facilitates access to devices and applications, and to sensitive business information. By ensuring that only authorised individuals have user accounts, and that they are granted only as much access as they need to perform their role, you reduce the risk of information being stolen or damaged.
If a system is infected with malware, your organisation is likely to suffer from problems like malfunctioning systems, data loss, or onward infection that goes unseen until it causes harm elsewhere. Ensuring a robust anti-malware solution is in place can prevent you becoming a victim.
Vulnerabilities are regularly discovered in all sorts of software. Once discovered, malicious individuals or groups move quickly to exploit these vulnerabilities. Product vendors provide fixes for vulnerabilities identified in products that they still support, in the form of software updates known as ‘patches’. Ensuring patches are applied in a timely manner can significantly reduce the likelihood of compromise.
The Cyber Essentials scheme will allow your organisation to:
Improve the security of your services and systems against a government-backed scheme
Provide assurance regarding your systems against a baseline security standard
Meet industry and regulatory body requirements for Cyber Essentials to be performed
Gain access to a dedicated team of specialist CREST Registered penetration testers who will guide you through the Cyber Essentials process
Q: What is the difference between Cyber Essentials and a Penetration Test?
A penetration test is a manual and exhaustive assessment against your systems which seeks to identify any and all vulnerabilities and security issues which may be present or exploited by either an automated or targeted attack.
Cyber Essentials provides a baseline security standard for your organisation and safeguards against an array of common vulnerabilities but does not match the comprehensive assessment standards which a manual penetration test can provide.
Q: Why do I need to be Cyber Essentials Certified?
Many organisations will request evidence that you are treating security seriously and have protected your systems from the threat of compromise.
The Cyber Essentials scheme provides a baseline, industry-recognised security standard which can be used to demonstrate your commitment to security. It is also a requirement for central government contracts which involve sensitive or personal data or the provision of technical products and services.
Q: What will I receive after the assessment has been completed?
The deliverable from any Cyber Essentials assessment is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.
Upon successfully passing the Cyber Essentials scheme your organisation will receive a certificate and reference number to confirm the completion of your assessment and may be listed under the Cyber Essentials organisation registry.
Your organisation will also be able to use the Cyber Essentials branding on your website and on other promotional materials.
Q: What systems are included within a Cyber Essentials assessment?
The scope for a Cyber Essentials and Cyber Essentials PLUS assessment can vary on a case-by-case basis depending upon your company’s specific setup and requirements.
To discuss the requirements for any Cyber Essentials assessment, please get in touch.