CYBER ESSENTIALS OVERVIEW
Cyber essentials overview
Cyber Essentials is the government endorsed standard which helps businesses prevent the vast majority of cyber attacks. Businesses rely more and more on their IT systems but often overlook the need to have them tested and adequately protected. With the rise in viruses, ransomware and targetted attacks, it is only a matter of time before a cyber criminal comes knocking at your businesses door. If you have not taken simple steps to close the front door and lock the front door then cyber criminals can easily get into a lot of systems.
When you complete Cyber Essentials you will get a badge which enables you to prove to your clients that you have met the government endorsed standard. That you have protected your organisation from the most common cyber attacks and that you take your business IT security seriously.
There is now a strong push by the government to force this to be the new base line for many businesses. So much so that now you must achieve Cyber Essentials in order to be a supplier of Government contracts which involve handling personal information. More information regarding this can be found here
This is the standard that involves filling out a self assessment questionnaire, with responses reviewed by a qualified Certification Body such as ITWiser. ITWiser are a Certification Body for Cyber Essentials.
After obtaining Cyber Essentials, a business should aim to get Cyber Essentials Plus. Cyber Essentials Plus requires Cyber Essentials first and extends on this by testing the systems you have in place. Highly trained IT security professionals carry out these tests using the tools and techniques real world hackers do to test your network is setup correctly. ITWiser is a certification body based in Yorkshire who are qualified to carry out Cyber Essentials Plus tests.
Having carred out Cyber Essentials and Cyber Essentials Plus with ITWiser, the next logical step is to look at Information Assurance for SME’s (IASME). The IASME standard was developed to target SME’s for which obtaining a qualification such as ISO 27001 was going too far and very expensive to do for a business. The IASME standard is written along the same lines as ISO 27001 but have been designed for small companies. It enables small companies and those forming part of a supply chain for a realistic cost to demonstrate that they properly protect their customer information. This is available as self assessed or fully assessed by an independent auditor such as ITWiser and proves that SMEs follow good best practices.
What options are there for SME’s?
Cyber Essentials
Thsis the standard that involves filling out a self assessment questionnaire, with repsonses reviewed by a qualified Certification Body like ITWiser. ITWiser are a Certification Body for Cyber Essentials.
Cyber Essentials Plus
After obtaining Cyber Essentials, a business should aim to get Cyber Essentials Plus. This requires the Cyber Essentials certification first, and extends on this by testing the systems you have in place. Highly trained IT security professionals carry out these tests using the tools and techniques that real world hackers use to test your network is set up correctly. ITWiser is a certification body based in Yorkshire who are qualified to carry our Cyber Essentials Plus tests.
IASME Standard
Having carried out both Cyber Essentials and Cyber Essentials Plus with ITWiser, the net lgoical step is to look at Information Assurance for SMEs (IASME). This standard was developed to target SMEs, who find the other qualifications, such as the ISO 27001, expensive and too convoluted. The IASME standard is written along the smae lines as the ISO 27001 but has been desined with SMEs im mind. It enables small companies (and those forming part of a larger supply chain) a realistic and cost effective alternative. It demostrated that a small company can protect thier customer information. This is available as self-assessed or fully assessed by a certification bdy like ITWiser and proves that the company follows good best practices.