Cyber Essentials

Overview

Cyber Essentials is a UK government-sponsored initiative, launched in 2014 to help small to medium-sized businesses protect themselves from modern-day threats in an internet-enabled age. It is a practical set of security controls that all businesses should be employing as a base set of best-practice protections for their systems and information.

Widely adopted in the UK, Cyber Essentials is a requirement for all suppliers of UK central government contracts, as well as being enthusiastically taken up by private enterprise as a means of demonstrating compliance with good practices for information security.

There are two levels of certification that organisations can achieve and the scope for certification may include all or any part of the organisation as required.

  • CYBER ESSENTIALS: Organisations self-assess their systems, and this assessment is independently verified.
  • CYBER ESSENTIALS PLUS: Systems are independently tested, and Cyber Essentials is integrated into the organisation’s information risk management.

The five high-level key control areas are:

    • Boundary firewalls and internet gateways
    • Secure configuration
    • Access control
    • Malware protection
    • Patch management

These are further broken down into more granular controls. The controls can also be mapped to other security management systems such as ISO/IEC 27001, although Cyber Essentials has a much narrower focus, emphasising technical controls rather than governance, risk and policy.

Service Offering

Let's start with what we are not:

    • We won’t guarantee you a certificate in 24 hours!
    • We won’t sell you software that promises the world!
    • We won’t perform a box ticking exercise and call that consultancy!
    • We won’t sell you a false sense of security!

What we will do is work with your people to objectively analyse the five key control areas against your business, or the part of the business in scope for certification. This provides an accurate assessment of the current state of your security controls, with a gap analysis of any shortcomings against the requirements for certification, and gives senior management an accurate and objective view of the current state of security controls and cyber risk.

We will then engage with your people not only to fix any shortcomings for certification but also to fix any process gaps that would otherwise lead to a future breakdown of control and, where necessary, to integrate Cyber Essentials into your organisation's risk management framework or create one where it doesn't yet exist.

Our aim is to leave you not only in a secure state but with the means to continue that culture into the future.

Approach

The A-GRC approach, whether it's Cyber Essentials or Cyber Essentials Plus, is teamwork.

  • Provide only the level of consultancy you require, ensuring cost efficiency.
  • Tailored to your organisation and needs, big or small.
  • Ensure senior management buy-in, vital to the project's success.
  • A clearly defined scope with deliverables mapped out from the outset.
  • People engagement, providing the knowledge transfer to your people to continue the work we start.
  • Ongoing advice is always only a phone call away and free for past customers.

Benefits

The A-GRC approach to collaborative working builds confidence at an operational and stakeholder level that inspires good practice and continuous improvement.

  • Allowing you to bid for contracts from which you may be precluded if you were not certified.
  • Assuring management and customers of the information security levels in place.
  • Increasing customer confidence in your products and services.
  • Demonstrating conformance to Cyber Essentials Plus, verified by a third-party Conformance Assessment Body.
  • Allowing senior management to make better informed decisions on operational risk.