The government has announced Cyber Essential Scheme as part of wider efforts to motivate businesses and consumers to stay safe online and make UK a safer place for online business.
“Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks”, reads the overview of the Cyber Essential Scheme.
The scheme will provide organisations with a recognised cyber security assurance certification – something that proves that they are taking cyber security seriously. Government intends to provide a cost-effective way for all UK businesses to mature their cyber security by getting the basics of security right.
Cyber Essentials is a result of the collaborative efforts of the Government, the Information Assurance for Small and Medium Enterprises (IASME) consortium, the Information Security Forum and the British Standards Institution (BSI).
The Cyber Essentials scheme provides guidance on five security controls including Secure Configuration; Access Control; Malware Protection; Patch Management; and Firewalls and Internet Gateways.
Systems that fall under the scope of the CES include all internet-connected end-user devices including tablets, smartphones, PCs and laptops; as well as internet-connected servers including web and application servers.
Businesses seeking accreditation will have to implement systems based on the guidance followed by which they have to carry out self-assessment. Businesses will then need to get their self-assessment independently verified by certification body such as Council of Registered Ethical Security Testers (CREST).
Government has also revealed that from October 1 businesses wishing to bid for government contracts which involve personal and sensitive information will be required to provide proof that they have been certified under Cyber Essentials.
The CES has already been adopted by Enterprises like BAE systems, Barclays, HP; small businesses such as Skyscape, Nexor and Tier 3; University of Derby; and the Institute of Chartered Accountants among others.
Cyber Essentials is an applaudable effort considering direct government’s involvement, but one thing is worth noting that the scheme will enable businesses to ramp up their most basic cyber security hygiene and that’s what the collaborators believe as well. Businesses with advanced security requirements will have to resort to other avenues on top of CES.
