FAQs

Cyber Essentials

Cyber essentials is a new Government backed scheme to help organisations understand what common cyber attacks look like and what basic controls all organisations should put in place to protect themselves.

The UK Government published a report on 16th January 2015 “Common Cyber Attacks: Reducing the Impact.”

This report has been designed to provide further evidence as to why organisations should adopt, as a minimum, the advice of Cyber Essentials

Cyber Essentials is the minimum an organisation needs to implement to reduce their risk exposure to cyber attacks.

Organisations who have not implemented this may find that they are not entitled to tender for certain contracts with government bodies etc. Increasingly it is becoming a requirement for, not just companies in the private sector, but also universities, charities, public sector and not for profit organisations to have Cyber Essentials as a minimum security measure.

Some professional bodies such as the Institute of Chartered Accountants in England and Wales are encouraging their members to implement Cyber Essentials as a minimum requirement.

It provides a badge of assurance to customers and stakeholders that you take cyber security seriously.

If you need further assistance please contact Securious for advice or guidance.

Cyber essentials offers a basic level of assurance from 80% of the most common forms of cyber attacks. These include attacks from readily available hacking tools and malware. Some attacks are automated and others may be more targeted looking for vulnerabilities in your systems. You can make it harder for attackers by reducing these vulnerabilities.

We consider Cyber Essentials basically to be good house keeping, and a first step to making your systems more secure especially if you have little Cyber security to start.

If you need further assistance please contact Securious for advice or guidance.

The main areas are around the following:

  1. Boundary Firewalls and Internet Gateways
  2. Secure Configuration
  3. User Access Control
  4. Malware protection
  5. Patch management

Full details of the Cyber Essentials scheme can be found in the HM Government guide published June 2014. If you need further assistance please contact Securious for advice or guidance.

To achieve this you need to do the following:

  1. Organisation identifies the systems it believes are at risk from common internet based threats.
  2. Organisation completes self assessment questionnaire and declares its compliance with the Cyber Essentials Requirements.
  3. The declaration is signed by the Chief Executive officer or equivalent endorsing its accuracy
  4. The declaration is independently verified by a Certification Body.
  5. If the Certification Body has sufficient confidence that the controls have been effectively implemented Cyber Essentials certificate is awarded.

If you need further assistance please contact Securious for advice or guidance.

We have two basic levels of pricing – £295 and £495 – depending on how much input is required.

The £295 level is for companies who are ready to go and are confident they reach the standards required without the need for telephone support. Typically these will already have an ISO 27001 in place, are using a QG ACE practitioner, and do not require a vulnerability scan.

The £495 level is for companies who need our assistance to guide them through the questionnaire and explain the intent of the questions. It offers up to two hours of telephone support and we also offer an external vulnerability scan within this fee to provide them with greater reassurance.

If in doubt which level would apply, please call or email to discuss further.

If we need to verify any answers you have submitted, we arrange a quick call with you to determine if your answer represents your environment against the Cyber Essentials control.

We will need you fill out the Cyber Essentials self-assessment questionnaire in as much detail as possible. As a rule, if the verification process takes more time to complete than the questionnaire, you may get an offer of assistance. Dependent on the time effort for this, we may make a small charge for this service.

Of course, if you feel that you would benefit from a fully assisted self-assessment, then we would be only too happy to help. This would still be kept as a remote assistance format, to help keep on-site costs down, but would be generally cheaper than a full on-site appraisal. Contact us for further information.

Cyber Security Consultancy

The following is a list of key consulting services we offer, but feel free to get in touch if you have other requirements that do not fit exactly to these:

  • PCI-DSS – Alignment to the PCI standard, Gap Analysis and pre-audit, along with full Audit services.
  • Data Protect Services – Securious offer a range of solutions to help align you to the Data Protection Act, particularly around Principle 7.
  • Vulnerability Scanning services – We cater for businesses and organisations of all sizes and not just located in Devon and Cornwall.
  • Cyber Essentials and Cyber Essentials Plus certification requirements. Services include Gap Analysis, Pre-Audit, Assisted Self-Assessment and fully managed submissions.
  • Network and Security Architecture services – Securious can design and implement Network and Security Architecture that aligns to your business requirements and budget.
  • Risk and Security Awareness training – Securious have extensive knowledge and expertise to help you with IT Security Risk Assessments and Staff Security Awareness training programs.

We like to think that we can offer a very flexible approach to projects and we will work with you as a business, or with any of your partners, internal IT staff or other managed service provider to give you the best possible advice and service relating to your IT Security Project requirement.

Securious are dynamic in terms of being able to change direction quickly as the Cyber Security threat changes. This is a key strength and also gives the client additional benefit that we are always monitoring the latest threats and updating our skills to help keep you protected.

South West Cyber Security Consultancy

It is a group of Businesses and Organisations actively working in or around Cyber Security and predominately based within the South West (Devon and Cornwall)

We are part of the larger UK Cyber Security Forum that encourages collaboration between the 300+ members and offers an effective way to conduct business in the wider Cyber Security community.

We hope to raise the profile and awareness of Cyber Security within the local business community and promote the advantages of adopting good Cyber practises.

We have a program of events and meetings that are published on our website (SWCSC Page)

If you would like further information and details on how to join, please drop us an email or telephone us with your details. We will get back in touch and let you know when we will be meeting next.

You can also register for one of our events for free and we will look forward to meeting you at an event soon.

 

Still looking for an answer?

Please contact us on +44 (0) 1392 247 110 or by using this form.