Cyber Essentials: Difference between revisions

From Wikipedia, the free encyclopedia
m Order of links, recertification recommendation
m added NCSC
Line 1: Line 1:
'''Cyber Essentials''' is a UK government scheme encouraging organisations to adopt good practice in information security.<ref>{{cite news|title=Government scheme shows who can be trusted on cyber security|url=https://www.telegraph.co.uk/technology/internet-security/10877217/Government-scheme-shows-who-can-be-trusted-on-cyber-security.html|accessdate=1 July 2014|work=Telegraph|date=5 June 2014}}</ref> It includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet. It was developed in collaboration with industry partners, including the Information Security Forum ([[Information Security Forum|ISF]]), the Information Assurance for Small and Medium Enterprises Consortium ([[IASME]]) and the British Standards Institution ([[BSI Group|BSI]]), and is endorsed by the UK Government.<ref>{{Cite web|url=https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/317481/Cyber_Essentials_Requirements.pdf|title=Cyber Essentials Scheme|last=|first=|date=|website=|publisher=HM Government|access-date=9 September 2016}}</ref> It was launched in 2014 by the [[Department for Business, Innovation and Skills]].<ref>{{cite web|title='Cyber Essentials' scheme launched|url=http://ico.org.uk/news/current_topics/cyber-essentials|publisher=ICO|accessdate=1 July 2014}}</ref>
'''Cyber Essentials''' is a UK government information assurance scheme operated by the [[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre (NCSC)]] that encourages organisations to adopt good practice in information security.<ref>{{cite news|title=Government scheme shows who can be trusted on cyber security|url=https://www.telegraph.co.uk/technology/internet-security/10877217/Government-scheme-shows-who-can-be-trusted-on-cyber-security.html|accessdate=1 July 2014|work=Telegraph|date=5 June 2014}}</ref> It includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.
It was developed in collaboration with industry partners, including the Information Security Forum ([[Information Security Forum|ISF]]), the Information Assurance for Small and Medium Enterprises Consortium ([[IASME]]) and the British Standards Institution ([[BSI Group|BSI]]), and is endorsed by the UK Government.<ref>{{Cite web|url=https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/317481/Cyber_Essentials_Requirements.pdf|title=Cyber Essentials Scheme|last=|first=|date=|website=|publisher=HM Government|access-date=9 September 2016}}</ref> It was launched in 2014 by the [[Department for Business, Innovation and Skills]].<ref>{{cite web|title='Cyber Essentials' scheme launched|url=http://ico.org.uk/news/current_topics/cyber-essentials|publisher=ICO|accessdate=1 July 2014}}</ref>


==Assurance framework==
==Assurance framework==
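Review bot: the new clause "operated by the [[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre (NCSC)]]" in the lead sentence is followed only by the existing Telegraph reference dated 5 June 2014, which was already attached to the sentence before the clause existed. Add a citation that states the NCSC's role in the scheme so the new claim is sourced in its own right.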
Line 25: Line 27:
==See also==
==See also==
* [[Communications-Electronics Security Group#CESG|CESG]]
* [[Communications-Electronics Security Group#CESG|CESG]]
*[[Critical Infrastructure Cybersecurity Framework]]
* [[Government Digital Service]]
* [[Government Digital Service]]
*[[Government Security Classifications Policy]]
*[[Government Security Classifications Policy]]
* [[IASME]]
* [[IASME]]
*[[ISO/IEC 27001]]
*[[ISO/IEC 27001]]
* [[HMG Infosec Standard No.1]], a more detailed standard which applies to most UK government bodies
*[[National Cyber Security Centre (United Kingdom)|NCSC]]
*[[National Cyber Security Centre (United Kingdom)|NCSC]]
* [[UK cyber security community]]
* [[UK cyber security community]]
*[[UK Cyber Security Forum]]
* [[Critical Infrastructure Cybersecurity Framework]]
* [[UK Cyber Security Forum|U.K Cyber Security Forum]]


==External links==
==External links==
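Review bot: the piped link "[[UK Cyber Security Forum|U.K Cyber Security Forum]]" in the See also list displays "U.K", which is inconsistent with the "UK" used in the adjacent "[[UK cyber security community]]" entry and in the lead. Drop the pipe and keep "[[UK Cyber Security Forum]]". The list also mixes "* [[" and "*[[" bullet spacing; settling on one form would keep future diffs of this list smaller.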

Revision as of 14:32, 1 October 2018

Cyber Essentials is a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC) that encourages organisations to adopt good practice in information security.[1] It includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.

It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME) and the British Standards Institution (BSI), and is endorsed by the UK Government.[2] It was launched in 2014 by the Department for Business, Innovation and Skills.[3]

Assurance framework

Organisations can earn two levels of certification, or badges:[4][5]

  • Cyber Essentials: Organisations self-assess their systems, and this assessment is independently verified.
  • Cyber Essentials Plus: Systems are independently tested, and Cyber Essentials is integrated into the organisation's information risk management.

Annual recertification is recommended. Certifying Bodies are, in turn, licensed by Accreditation Bodies, which have been appointed by the UK government. The five current accreditation bodies are APMG, CREST, IASME, IRM security and QG.[6] CREST has developed an assessment framework.[7] IASME, one of the Accreditation Bodies, has incorporated Cyber Essentials into the wider IASME information assurance standard.[8]

As with ISO/IEC 27001, organisations may choose to limit the scope of certification to a certain subset of their business.

Controls

The five main technical controls are:

  1. Boundary firewalls and internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

Cyber Essentials guidance breaks these down into finer details. These controls can be mapped against the controls required by ISO/IEC 27001, the Standard of Good Practice, and IASME Governance,[9] although Cyber Essentials has a narrower focus, emphasising technical controls rather than governance, risk, and policy.

History

The Cyber Essentials scheme was launched on 5 June 2014. Several organisations were quickly certified by the end of June.[10] Since October 2014, Cyber Essentials certification has been required for suppliers to central UK government who handle certain kinds of sensitive and personal information.[11] This is intended to encourage adoption by businesses wishing to bid for government contracts.[12] Insurers have suggested that certified bodies may attract lower insurance premiums.[13] Over 6,000 Cyber Essentials certificates have been awarded to businesses and organisations.[14]

References

  1. ^ "Government scheme shows who can be trusted on cyber security". Telegraph. 5 June 2014. Retrieved 1 July 2014.
  2. ^ "Cyber Essentials Scheme" (PDF). HM Government. Retrieved 9 September 2016.
  3. ^ "'Cyber Essentials' scheme launched". ICO. Retrieved 1 July 2014.
  4. ^ "Cyber Essentials Scheme Assurance Framework" (PDF). HM Government. Retrieved 1 July 2014.
  5. ^ Hotchin, Jenny. "Mitigating the risks created by cyber attacks". Retrieved 1 July 2014.
  6. ^ "Cyber Essentials - OFFICIAL SITE". www.cyberaware.gov.uk. Retrieved 1 March 2017.
  7. ^ "CREST supports UK Government Cyber Essentials scheme". CREST. Retrieved 1 July 2014.
  8. ^ "Cyber Essentials Scheme – IASME". www.iasme.co.uk. Retrieved 7 September 2016.
  9. ^ "Requirements for basic technical protection from cyber attacks" (PDF). HM Government. Retrieved 1 July 2014.
  10. ^ "First seven SMEs bite on Government's flagship Cyber Essentials scheme". Computer World. 30 June 2014. Retrieved 1 July 2014.
  11. ^ "Cyber essentials scheme: overview". GOV.UK. Retrieved 1 July 2014.
  12. ^ "Cyber risk and the UK's Cyber Essentials Scheme". Computer Weekly. June 2014. Retrieved 1 July 2014.
  13. ^ "Government launches Cyber Essentials security scheme". 6 June 2014. Retrieved 1 July 2014.
  14. ^ "Matt Hancock's Cyber Security Speech". Retrieved 7 July 2017.