Cyber Essentials

Cyber Essentials: A Pocket Guide

Copyright Date: 2014
Published by: IT Governance Publishing
Pages: 58
    Book Description:

    Every year, thousands of computer systems in the UK are compromised. The majority fall victim to easily preventable cyber attacks, carried out with tools which are freely available on the Internet.

    Cyber Essentials is the UK Government's reaction to the proliferation of these attacks. It requires that organisations put basic security measures in place, enabling them to reliably counter the most common tactics employed by cyber criminals. From 1 October 2014, all suppliers bidding for a range of government ICT contracts - in particular contracts requiring the handling of sensitive and personal information - must be certified to the scheme.

    This Pocket Guide explains how to achieve certification to Cyber Essentials in a fast, effective and cost-efficient manner. It will help you to:

    - understand the requirements of the scheme

    - implement the controls correctly

    - realise when you are ready to seek certification

    - get a grip on both the certification process and the distinction between Cyber Essentials and Cyber Essentials Plus

    - find additional help and resources.

    eISBN: 978-1-84928-689-3
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-5)
  2. Table of Contents
    (pp. 6-6)
    (pp. 7-12)

    Thousands of IT systems are compromised every day – a shocking fact. But when you consider the proliferation of cyber threats in recent years, it isn’t surprising that some of them are successful. Although cyber activists and spies often get more press, most attacks are carried out by criminals and fraudsters looking for financial gain. The most common kinds of attacks now require little skill or expertise to carry out, and use technology which is widely available online – according to the Verizon 2013 Data Breach Investigations Report, 78% of the attacks they monitor fall into this category.

    The UK Government...

    (pp. 13-32)

    The controls set out in the Requirements are relevant to organisations of all sizes, but have been chosen for Cyber Essentials because they are relatively easy to implement for SMEs and protect against a wide variety of common cyber threats. But what are the common attacks that your organisation faces, and which the UK Government are so keen to protect against?

    The image of the hacker in popular media is usually of a lone individual in a basement, tapping away at a keyboard, trying to break into a specific computer system. This targeted attack methodology is not how most attackers...

    (pp. 33-50)

    Implementing the controls outlined in the Requirements is a valuable exercise for any organisation, but only by becoming certified can you show customers, investors, insurers and others that you are fully compliant.

    Although the requirements of the scheme are relatively simple to meet, there is always a cost in time, money and organisational resources when applying a set of controls thoroughly and accurately across an organisation. Failing to pass the assurance process – falling at the final fence – will increase this cost, so it is sensible to be familiar with how the process will be carried out. This will...

    (pp. 51-57)

    Although implementing Cyber Essentials is usually straightforward, it is understandable that some organisations will want help understanding what the controls mean for their organisation and to put them in place. Perhaps your organisation lacks technical expertise, perhaps it is very large, or perhaps you have to deal with a diverse and confusing IT infrastructure due to business processes, corporate mergers or other factors. It might be that you just don’t want to use your internal resources when becoming compliant as your staff have productive work to do elsewhere.

    If this is the case, bringing in outside assistance might be the...

    (pp. 58-59)