Cyber Essentials Plus Readiness Assessment Webinar
Webinar Date: 10:30am 28th November 2019
In this webinar we will review the complexities of achieving a resilient Cyber Security strategy along with the common challenges that we see within our clients’ environments.
We will discuss how, with the right preparation, process reviews, gap analysis and vulnerability scanning tools, you can achieve a resilient Cyber Security strategy that will meet the Cyber Essentials Plus certification requirements.
Do you want the peace of mind that your security measures actually measure up?
Due to the growing threats in cyberspace, your business will no doubt already have certain cyber security measures in place to reduce your company’s vulnerability, but are you confident that the policies and systems that you have in place are up to date, managed and resilient to the current threat landscape?
We are currently working with a large number of organisations that are working towards becoming officially Cyber Essentials Plus certified. They have the systems in place and have taken the technical measures required to protect their environment from cyber-attack; however, when delving further into their environment and reviewing their policies and procedures, we have often found apparent weaknesses in their cyber security defences which have not been addressed.
**This was a live webinar that has now taken place. If you would like to receive a recording of the webinar, please complete the form below and we can organise for you to receive it.**
Cyber Essentials Plus: What is it, do you need it and how can you achieve it?
Cyber Essentials is a government and industry-endorsed cyber security certification, its objective being to ensure that UK companies have a baseline level of security in place, which enables them to be more resilient to cyber-attacks.
Cyber Essentials comprises five information security controls that provide the foundation of basic measures required to defend against the increasing threat of cyber-attack. The scheme’s set of five critical controls is applicable to all types of organisations, of all sizes, giving protection from the most prevalent forms of threat coming from the internet.
Implementing the Cyber Essentials scheme’s five information security controls will enhance your organisation’s level of protection from cyber-attacks.
Additionally, by becoming officially Cyber Essentials Plus Certified, your clients and employees will recognise that you are serious about data security and the protection of their data, which enhances your business reputation and leaves you less likely to incur breaches or fines. In some cases, in order to work with certain organisations, you may be required to hold the Cyber Essentials Plus certification before engaging in a business relationship.
To successfully achieve the Cyber Security Plus Certification, an external auditor will come in and fully evaluate your organisation’s security measures; you must be able to comprehensively demonstrate that you have the required level of protection in place against each of the five security controls.
The 5 information security controls
- Secure your internet connection
  - Ensure that you have correctly configured firewalls in place to protect all of your devices that connect to the internet.
- Secure Configuration
  - Secure your devices and software by ensuring that devices are properly configured and strong passwords are used to protect against potential vulnerabilities.
- Control Access
  - Restrict access to your data and services to authorised individuals on a required user/role basis. Ensure that accounts with administrative privileges are only being used to perform administrative tasks.
- Protect from viruses and malware
  - Ensure your network is using the best form of protection against malware, viruses, worms, spyware, botnet software and ransomware to prevent malicious code from causing damage or data breaches.
- Keep devices and software up to date
  - Ensure you have an effective patch management system and processes in place to apply security patches when available.
How to become Cyber Essentials Plus Certified
The Cyber Essentials Plus certification can often be difficult and time-consuming for companies to achieve without external objective help.
With IT teams busy delivering projects or support, they often do not have the internal resource or time to keep on top of updating policy information, meaning that their policy documentation is often not representative of the actual processes that are in place. It is also common to find that patch management solutions, although in place, actually require a more in-depth level of management than initially envisaged, to effectively avoid security vulnerabilities.
In our experience, we have also found that there can be areas of shadow IT or systems outside of the IT department’s control that are in scope for the Cyber Essentials Plus audit but have not been considered or effectively secured. As an example, during a recent Cyber Essentials assessment we highlighted that the client in question, who was being provided with a fully managed network environment, had not had their environment securely segregated from the service provider’s other client environments. To resolve this security risk, they required their own firewalls to be implemented to fully secure their network, enabling them to achieve their Cyber Essentials Plus Certification.
These are common challenges that we see within our clients’ environments, all of which become highlighted during the gap analysis phase of our Cyber Essentials Plus Readiness Assessment Service.
Working collaboratively with our clients, providing Cyber Security systems, compliance, policies and process assessments, we can give you a real-time analysis and gap analysis of your Cyber Security landscape to fully prepare you for your Cyber Essentials Plus Certification.