24 November 2016

Why achieving certification without in-house security skills is easier than you think

 

In today’s competitive digital economy, practicing good cyber security makes sense on many levels.  Not only does it help to safeguard key assets, it offers many commercial benefits too.

If your organisation has only just started thinking about ways of lowering its cyber risk, the government-backed Cyber Essentials scheme can provide the guidance you need to start mitigating a wide range of common threats.

In this latest blog, Redscan explains how, with clear support and advice, obtaining Cyber Essentials accreditation can be significantly more straightforward than you think, even if your organisation lacks in-depth security knowledge.


Cyber Essentials, part of the UK’s National Cyber Security Strategy, is a low-cost scheme designed to help businesses of all sizes mitigate common security threats such as malware infections, social engineering attacks and hacks. It involves an annually verified assessment of key security controls that can help to address risks across enterprise-level and corporate IT systems.

Cyber Essentials’ five key security controls are:

  • Access permissions
  • Safe configuration of computers and network devices
  • Secure set-up of boundary firewalls and internet gateways
  • Virus protection
  • Patch management

The process of reviewing a business’ security posture against Cyber Essentials security controls is achieved via a security questionnaire, which will take anyone with IT knowledge just a few hours to complete.

Read our overview brochure to learn more about the key cyber protection required to achieve CE certification.

 

In the scope of the assessment

The scope of the Cyber Essentials assessment must be clearly defined before any review takes place.  Certification is typically obtained for a whole organisation but can, for larger organisations, be awarded for an individual business unit.

Generally speaking, Cyber Essentials is intended to assess commercial, off-the-shelf products, not bespoke IT systems, such as those developed for manufacturing, industrial control systems, online retail and other environments. Included within the scope are all internet-connected systems such as email, web and application servers, devices including desktop PCs, laptops and smartphones, plus cloud and externally provided IT services.

 

What it takes to achieve certification

Once the security questionnaire has been completed, all answers must then be approved by a board-level representative or business owner before being submitted to Redscan, an IASME-approved Cyber Essentials certification body.

Redscan will assess the questionnaire against the Cyber Essentials Assurance Framework and, if all requirements are met, the company, or subset being tested, will receive certification and be permitted to use the Cyber Essentials logo – great for winning increased customer, partner and investor confidence.

Read our overview brochure to learn more about the benefits of achieving Cyber Essentials certification.

 

All the support and advice you need

For organisations interested in learning more about Cyber Essentials, or that require pre- or post-assessment support and advice, Redscan is here to help. Our range of flexible and cost-effective certification packages is designed to provide the level of assistance needed to help define the scope of the test, complete the self-assessment questionnaire and address any outstanding risks.

To help demonstrate an even higher level of security assurance, Redscan can also help organisations to achieve Cyber Essentials Plus, an advanced level of accreditation requiring onsite inspection as well as internal and external vulnerability assessments.

 

Contact our qualified security experts to discuss Cyber Essentials certification for your organisation
