Looking for Cyber Essential scheme services?
The UK government has launched the Cyber Essentials scheme to help organisations define and measure basic levels of security hygiene. The scheme defines a series of technical and procedural controls to mitigate the risks associated with cyber threats. Through certifying against the Cyber Essentials scheme, organisations are able to demonstrate to their clients, their suppliers, their insurers and to industry regulators that they have undertaken essential precautions in minimising their cyber risk.
The Cyber Essentials scheme has two levels:
Stage 1 of cyber essentials is based around a self assessment questionnaire combined with an external vulnerability assessment. The organisation is required to complete a questionnaire that covers some of the basic technical and procedural controls that are needed to be in place. This questionnaire is then signed off by the organisations CEO before it is returned to the certifying body. The vulnerability assessment targets externally facing devices at both the network and infrastructure layer. Once a passing vulnerability assessment and self-assessment questionnaire have been completed, the organisation will be validated against stage 1 of the cyber essentials program.
How can Nettitude help?
Nettitude has been delivering security architecture consulting, vulnerability analysis, penetration testing, risk management and technical security auditing for more than a decade. Our highly experienced consultants can assist you in defining the scope for Cyber Essentials and provide you with a roadmap for achieving overall certification. We can provide guidance around technical and procedural controls and provide you with a framework to measure the effectiveness of these controls.
For organisations pursuing stage 2 certification, Nettitude conducts both technical risk assessments and vulnerability assessments to ensure that all elements of the requirements are addressed. Where gaps exist, Nettitude is able to offer pragmatic advice and guidance on how these gaps can be addressed. Nettitude is able to issue stage 2 (Cyber Essentials Plus) certificates through the CREST accreditation body, once the organisation is able to demonstrate the required levels of cyber hygiene.
When we initially engage with organisations, we undertake a gap analysis to measure the organisations existing controls against what is required by Cyber Essentials. Having conducted this assessment, we then provide the organisation with a clear road map on how to bridge the gaps and reduce their risks associated with a cyber breach. As the organisation moves towards stage 1 certification, Nettitude can provide on-going guidance and assistance to ensure all elements of the assessment are being catered for. Nettitude is able to assist the organisation to complete the questionnaire and complete the external vulnerability assessment. As a CREST company, Nettitude is able to issue stage 1 certificates once the organisation is able to demonstrate the required levels of cyber hygiene.