Cyber Essentials

What is Cyber Essentials?

Cyber Essentials is a UK Government backed scheme suitable for organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls.

It is designed to be a baseline for cyber security and to help give confidence that the organisation being assessed is effectively addressing the cyber security risks that could lead to the loss of confidential data or other business disruption.

Cyber Essentials and Cyber Essentials Plus Exeter Devon

Cyber Essentials is achieved after a self-assessment questionnaire is completed and sent for review, along with supporting evidence, to a Certification Body under the signature of a senior director, stating that all the criteria have been met. The Certification Body will assess the questionnaire to verify that the controls have been met.

Cyber Essentials Plus requires your company to pass an on-site and external vulnerability assessment performed by the Certification Body. Cyber Essentials Plus will give an extra level of assurance that the requirements have been independently verified by the Certification Body.

> Help get me protected

Ready to get started with Cyber Essentials or have questions? Let us know now...

How much does Cyber Essentials cost?

We have two basic levels of pricing - £295 and £495 - depending on how much input is required.

The £295 level is for companies who are ready to go and are confident they reach the standards required without the need for telephone support. Typically these will already have an ISO 27001 in place, and may be using a QG ACE practitioner to assist them.

The £495 level is for companies who need our assistance to guide them through the questionnaire and explain the intent of the questions. It offers up to two hours of telephone support and we also offer an external vulnerability scan within this fee to provide them with greater reassurance.

If in doubt which level would apply, please call or email to discuss further.

What is the process for Cyber Essentials?

  1. Firstly you will need to answer a self-assessment questionnaire which we will send to you.
  2. We will also provide a detailed guidance document to assist you with the completion of the questionnaire.
  3. Your responses will be reviewed to ensure that you meet the requirements and we will come back to you if we believe further clarification is required.
  4. Once the questionnaire, signed as approved at board level (or equivalent), has been successfully verified by us, your Cyber Essentials certificate & badge will be issued.


What next once I have Cyber Essentials?

  1. Cyber Essentials Plus will provide a more thorough assessment and will require a certification body, such as Securious, to independently check you have adequately implemented the controls.
  2. Cyber Essentials Plus requires that your compliance with the standard is independently validated on site by a certifying body such as Securious, to ensure that you comply with the standard.
  3. Then, an external vulnerability scan will be conducted which will also feed into the assessment. Once the questionnaire has been signed and reviewed, and the scan conducted successfully, Securious will complete a report and submit it to our Accreditation body. Once complete, your Cyber Essentials Plus certificate & badge will be issued. (By the way, Cyber Essentials is not a prerequisite for Cyber Essentials Plus.)

What does Cyber Essentials test then?

  1. Boundary firewalls and Internet gateways: Your network should have a properly configured firewall.
  2. Secure configuration: Default configurations are often vulnerable, and devices should only offer the services necessary to fulfil their intended role.
  3. User access control: Only authorised users and administrators should be allowed. Access should be provided at the minimum level required for all systems.
  4. Malware protection: Protection is required against computer viruses, spyware and other unauthorised or malicious software.
  5. Patch management: Software and systems should have the latest security patches installed.

How can Securious help?

Securious is a Certification Body based in Exeter, Devon and is ideally placed to help you achieve Cyber Essentials or Cyber Essentials Plus certification.

For Certification Body status, Securious completed a rigorous assessment by QG Management Standards to ensure that we meet the scheme’s strict requirements to allow us to assess companies to the required standards.

With the ever-increasing emphasis on Cyber Security for businesses and alignment to the UK Government Cyber Security Strategy, this is an ideal time to engage with a professional local South West business to help you demonstrate to customers, investors, insurers and others that you have taken essential precautions to reduce your organisation’s vulnerability.

Optional external scan

Securious can also offer an external scan to test for vulnerabilities in your network perimeter.

If purchased at the same time as Cyber Essentials, this costs just £100 (+vat).

Cyber Essentials FAQs

Cyber Essentials is a new Government backed scheme to help organisations understand what common cyber attacks look like and what basic controls all organisations should put in place to protect themselves.

On 16th January 2015 the UK Government published a report, “Common Cyber Attacks: Reducing the Impact”.

This report has been designed to provide further evidence as to why organisations should adopt, as a minimum, the advice of Cyber Essentials.

Cyber Essentials is the minimum an organisation needs to implement to reduce their risk exposure to cyber attacks.

Organisations who have not implemented this may find that they are not entitled to tender for certain contracts with government bodies etc. Increasingly it is becoming a requirement not just for companies in the private sector, but also for universities, charities, public sector and not-for-profit organisations, to have Cyber Essentials as a minimum security measure.

Some professional bodies such as the Institute of Chartered Accountants in England and Wales are encouraging their members to implement Cyber Essentials as a minimum requirement.

It provides a badge of assurance to customers and stakeholders that you take cyber security seriously.

If you need further assistance please contact Securious for advice or guidance.

Cyber Essentials offers a basic level of assurance against 80% of the most common forms of cyber attack. These include attacks from readily available hacking tools and malware. Some attacks are automated and others may be more targeted, looking for vulnerabilities in your systems. You can make it harder for attackers by reducing these vulnerabilities.

We consider Cyber Essentials basically to be good housekeeping, and a first step to making your systems more secure, especially if you have little cyber security in place to start with.

The main areas are around the following:

  1. Boundary Firewalls and Internet Gateways
  2. Secure Configuration
  3. User Access Control
  4. Malware protection
  5. Patch management

Full details of the Cyber Essentials scheme can be found in the HM Government guide published June 2014.

To achieve this you need to do the following:

  1. The organisation identifies the systems it believes are at risk from common internet-based threats.
  2. The organisation completes the self-assessment questionnaire and declares its compliance with the Cyber Essentials Requirements.
  3. The declaration is signed by the Chief Executive Officer or equivalent, endorsing its accuracy.
  4. The declaration is independently verified by a Certification Body.
  5. If the Certification Body has sufficient confidence that the controls have been effectively implemented, a Cyber Essentials certificate is awarded.

We have two basic levels of pricing – £295 and £495 – depending on how much input is required.

The £295 level is for companies who are ready to go and are confident they reach the standards required without the need for telephone support. Typically these will already have an ISO 27001 in place, are using a QG ACE practitioner, and do not require a vulnerability scan.

The £495 level is for companies who need our assistance to guide them through the questionnaire and explain the intent of the questions. It offers up to two hours of telephone support and we also offer an external vulnerability scan within this fee to provide them with greater reassurance.

If in doubt which level would apply, please call or email to discuss further.

If we need to verify any answers you have submitted, we will arrange a quick call with you to determine whether your answer represents your environment against the Cyber Essentials control.

We will need you to fill out the Cyber Essentials self-assessment questionnaire in as much detail as possible. As a rule, if the verification process takes more time to complete than the questionnaire, you may get an offer of assistance. Depending on the time and effort involved, we may make a small charge for this service.

Of course, if you feel that you would benefit from a fully assisted self-assessment, then we would be only too happy to help. This would still be kept as a remote assistance format, to help keep on-site costs down, but would be generally cheaper than a full on-site appraisal. Contact us for further information.

How do I get started?

> Help get me protected

Ready to get started with Cyber Essentials or have questions? Let us know now...

© Securious Cyber Security 2017. All rights reserved.

Registered in England and Wales: 06337870