Cyber Essentials

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

This is an old revision of this page, as edited by Bobrayner at 01:10, 1 July 2014 (Created new article: Cyber Essentials). It may differ significantly from the current revision.

Cyber Essentials is a UK government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework and a simple set of security controls to protect IT. It was launched in 2014 by the Department for Business, Innovation and Skills.

Assurance framework

Organisations can earn two levels of certification, or badges:

  • Cyber Essentials: Organisations self-assess their systems, and this assessment is independently verified.
  • Cyber Essentials Plus: Systems are independently tested, and Cyber Essentials is integrated into the organisation's information risk management.

Annual recertification is required. Certifying Bodies are, in turn, licensed by Accreditation Bodies, which have been appointed by the UK government. CREST has developed an assessment framework.

As with ISO 27001:2005, organisations may choose to limit the scope of certification to a certain subset of their business.

Controls

The five main technical controls are:

  1. Boundary firewalls and internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

Cyber Essentials guidance breaks these down into finer details. These controls can be mapped against the controls required by ISO 27001:2013, the SOGP, and IASME, although Cyber Essentials has a narrower focus, emphasising technical controls rather than governance, risk, and policy.

History

The Cyber Essentials scheme was launched on 5 June 2014. Several organisations were already certified by the end of June. Starting in October 2014, Cyber Essentials certification will be required for government suppliers which handle certain kinds of sensitive and personal information. This encourages adoption by businesses wishing to bid for government contracts. Insurers have suggested that certified bodies may attract lower insurance premiums.
