Cyber Essentials (Plus)

Cyber Security is now considered one of the greatest threats to NationaL SecuRity

So concerned is the UK government that the Cyber Essentials scheme has been developed to provide a clear statement of the basic controls all organisations should implement to mitigate risk of common internet based threats.

It also provides an Assurance Framework, a mechanism by which organisations can demonstrate to customers, investors, insurers that they have taken essential precautions to minimise risk.

The scheme focuses on Internet originated attacks against an organisations systems.

Cyber Essentials focusses on five key controls as follows

Boundary Security Gateway or Firewall

These are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.

Secure Configuration

Ensuring that systems are configured in the most secure way for the needs of the organisation

Access Control

Ensuring only those who should have access to systems have access and at the appropriate level

All network connected systems where possible need to provide a last line of defence, should malware make it to the desktop, or any other device connected in the network. A great many recent attacks have come from emails or USB sticks etc and are inadvertently injected into a system by a user. Anti-malware systems provide this layer of defence, ensuring that the activities of users on their desktops and laptops are monitored and where malware is detecetd, this is intercepted.

Patch Management

Ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied. As older operating systems are phased out, their vendors stop providing security updates and they become increasing susceptible to attack as time passes.