Achieve Cyber Essentials Plus
Cyber Essentials Plus is a government and industry-endorsed cyber security certification.
To achieve Cyber Essentials Plus you will need to demonstrate that your organisation is compliant with its six (previously five) information security controls. Following the 2022 update, access control is now split into two elements: user access control and admin access control.
These security controls provide the foundation of the basic measures required to defend against the increasing threat of cyber-attack.
Implementing the Cyber Essentials scheme’s information security controls will enhance your organisation’s level of protection from cyber-attacks.
Additionally, by becoming officially Cyber Essentials Plus Certified, your clients and employees will recognise that you are serious about data security and the protection of their data, which enhances your business reputation and leaves you less likely to incur breaches or fines.
The information security controls
- Secure your internet connection: Ensure that you have correctly configured firewalls in place to protect all of your devices that connect to the internet.
- Secure Configuration: Secure your devices and software by ensuring that devices are properly configured and strong passwords are used to protect against potential vulnerabilities.
- User Access Control: Restrict access to your data and services to authorised individuals on a required user/role basis.
- Admin Access Control: Ensure that accounts with administrative privileges are only being used to perform administrative tasks.
- Protect from viruses and malware: Ensure your network is using the best form of protection against malware, viruses, worms, spyware, botnet software and ransomware to prevent malicious code from causing damage or data breaches.
- Keep devices and software up to date: Ensure you have an effective patch management system and processes in place to apply security patches when available.
To successfully achieve Cyber Security Essentials Plus Certification, an external auditor will come in and evaluate your organisation's security measures. You must be able to comprehensively demonstrate that you have the required level of protection in place against each of the six security controls.
How we can help you to achieve Cyber Essentials Plus
The Cyber Essentials Plus certification can often be difficult and time-consuming for companies to achieve without external, objective help.
Working collaboratively with our clients and providing Cyber Security systems, compliance, policies and process assessments, we can give you a real-time analysis and gap analysis of your Cyber Security landscape to fully prepare you for your Cyber Essentials Plus Certification.
Cyber Essentials Plus Readiness Assessment Service: Cyber VALIDATE
The Cyber Validate Service involves a full process review, gap analysis and compliance consultancy service delivered by a compliance manager.
An initial scoping call will be required to ascertain the size of the environment and to identify all sites, data centres and any specific areas of concern within the six Cyber Essentials controls. An onsite workshop will then be undertaken with the individual heads of departments, to discover and understand what they do and where it touches or has an effect on cyber security. The full scope for assessment is defined from the workshop, so it is important to have the right people involved at this stage. Flows of data are then compiled to build a complete picture of the security landscape.
Gap Analysis and Report Creation
At this stage a document will have been created with a defined list of specific questions, in line with the security control sections. We will work individually with the people in the organisation who are directly responsible for each area to go through the questions around the controls, and will categorise the responses using a RAG (Red, Amber and Green) rating. Once completed, the Gap Analysis produces a report with all of the responses and the recommended actions required for compliance for each response.
Using the data we have gathered from both the workshop and gap analysis phases, we will compile an in-depth managerial-level report showing who has been involved, how the data has been compiled, a complete overview of the findings and immediate areas of concern, along with a full list of the recommendations for any remediation action.
The report is sectioned to relate to each of the Cyber Essentials controls and provides an easy-to-digest summary of the discovery and the requirements needed to meet compliance for each control.
Once we have presented our report back to you, we can leave you with the recommended remediation actions and information required to implement the changes yourselves in order for you to obtain your Cyber Essentials Certification, or we can work with you to implement the solutions or changes under a separate project.
Following the remediation of the gap analysis, you have the option of self-certifying as Cyber Essentials compliant or bringing in an external auditor to achieve Cyber Essentials Plus certification, which would be our recommendation.
Advanced Cyber Essentials Plus Readiness Assessment Service: Cyber MITIGATE
In addition to our standard Cyber Essentials Plus Readiness Assessment Service, where we provide the workshop, gap analysis and compliance consultancy, we can also provide an added level to the service in the form of an Advanced Vulnerability Assessment.
Using our preferred portfolio of Cyber Security vendor products from Tenable, Palo Alto Networks and Thycotic we will deploy specific Cyber Security analysis tools to scan your current environment for internal and external vulnerabilities, highlighting any areas of weakness.
After applying these tools in your environment we will provide a report summarising all of the security vulnerabilities discovered via the three assessment tools and will provide a suggested plan for resilience improvement and compliance across all areas reviewed.
Should you wish to implement the full versions of any of the above products, Krome can work with you to implement the required solutions under a separate remediation project.
Should you wish to learn more about how we can protect your environment from cyber-attacks and help you to achieve Cyber Essentials Plus, please get in touch with us today.