Cyber Essentials

Introduction to Cyber Essentials

Cyber Essentials is a Government-backed, and industry supported scheme aimed to reduce the levels of cyber security risk in its supply chain.

The scheme defines a set of five core controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

It has been assessed that when properly implemented, and maintained these controls provide organisations of all sizes, and in all sectors with basic protection from the most prevalent forms of threat coming from the internet.

There are 2 levels of certification: Cyber Essentials and Cyber Essentials PLUS.

The government made the Cyber Essentials scheme mandatory for central government contracts advertised after 1 October 2014, which involve handling personal information and providing certain ICT products and services.

4Secure Cyber Essentials Services

As an IASME and Cyber Essentials Scheme (CES) Certification Body (CB), 4Secure are able to offer a full range of CES and IASME services, including:

  • CES Self-Assessment
  • CES Assisted Services
  • CES PLUS Assessments
  • IASME Assessments

To find out more about these services, please browse through our CES pages or feel free to contact us where we can discuss your specific requirements in more detail.

Cyber Essentials Self Assessment

Cyber Essentials provides organisations of all sizes, and in all sectors with a focused set of technical controls which will provide cost effective, basic cyber security protection from the most prevalent forms of threat coming from the internet.

Implementation of these controls can significantly reduce the cyber security risk profile[1] of an organisation, becoming a practical component of its cyber security strategy and a great stepping stone to achieve further security assurance and certification against standards such as IASME, ISO27001 and PCI DSS.

To support your Cyber Essentials requirements, 4Secure are able to offer:

Cyber Essential Self-Assessment[2]:                                                                                                        £300*

Self-Assessment is designed for organisations that possess the required in-house skills, expertise and information to fully populate the self-assessment questionnaire in accordance with the Cyber Essentials scheme requirements.

The entire process can be conducted with ease via our secure, online portal. Once your questionnaire has been completed, your submission will be verified by one of our Cyber Essentials assessors to confirm the requirements of the scheme have been met prior to awarding your certification.

Don’t worry if your self-assessment does not fully satisfy all of the requirements from the outset. Our assessors will provide clear and concise feedback on areas

[1] Cyber Essentials does not offer a silver bullet to remove all cyber security risk – it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy.

[2] Via secure, dedicated online portal.

 

* All pricing excludes VAT

Cyber Essentials Assisted Assessment

Cyber Essentials provides organisations of all sizes, and in all sectors with a focused set of technical controls which will provide cost effective, basic cyber security protection from the most prevalent forms of threat coming from the internet.

Implementation of these controls can significantly reduce the cyber security risk profile[1] of an organisation, becoming a practical component of its cyber security strategy and a great stepping stone to achieve further security assurance and certification against standards such as IASME, ISO27001 and PCI DSS.

To support your Cyber Essentials requirements, 4Secure are able to offer:

Cyber Essentials Assisted Assessment from:                                                                                  £975*

Our Assisted Cyber Essentials Assessments provide a fully managed service for those organisations that have no, or limited experience implemented effective security management systems or regimes.

Through the provision of our expert services, your dedicated 4Secure consultant will guide you through the entire Cyber Essentials process.

Tailored to your specific requirements, our consultants will be on hand to support all aspects of Cyber Essentials, and can deliver a range of activities from Cyber Essentials Scoping through to the completion and submission of your Self-Assessment questionnaire.

Our consultants will keep you fully informed throughout the process, providing visibility of key milestones, deliverables and any potential control shortfalls in order to support the requirements of the scheme and your business objectives.

*Prices include Cyber Essentials Assessment, Certification Fees, IASME Standard Certification[3] and Cyber Insurance[4]

Re-assessment for minor changes made within 2 weeks of the initial assessment will be free.

[1] Cyber Essentials does not offer a silver bullet to remove all cyber security risk – it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy.

[2] 1 Site, 1 Network, <25 Users

[3] Subject to meeting the additional IASME requirements.

[4] Cyber Liability Insurance subject to company size and turnover restrictions – Terms Apply: https://www.iasme.co.uk/cyber-essentials-scheme/automatic-insurance-cover/ .

 

* All pricing excludes VAT

Cyber Essentials Plus

Cyber Essentials PLUS offers a natural progression from the independently verified self-assessment assurance activities implemented as part of Cyber Essentials Basic[1]. Cyber Essentials PLUS offers a higher level of assurance of your organisations cyber security defences through a range of internal and external tests of your network and computers.

Cyber Essentials PLUS certification provides a more robust assessment of whether your organisations controls have been effectively implemented and maintained to help defend a variety of Internet-borne threats.

The aim of the testing is to identify opportunistically exploitable vulnerabilities within an organisation’s Internet facing infrastructure and end point devices that provide a high level of exposure to potential attackers with a relatively low level of skill.

The full Cyber Essentials PLUS test scope can be found within the scheme Assurance Framework document, however in summary testing will focus on the following core areas:

  • External Facing Website & Services
  • Boundary & Firewall Protection
  • Internal Network Vulnerabilities
  • End User Devices
  • Access & Privilege Management

To support your Cyber Essentials PLUS requirements, 4Secure are able to offer:

Fixed price Cyber Essential PLUS Assessment from:                                                                                   £1350*

Our Cyber Essentials PLUS services include Certification Fees, Internal and External Vulnerability Scans, and On-Site Assessment and Consultancy Advice.

If you want to discuss your requirements in more detail, or find out more about our Cyber Essentials Services please Contact Us.

[1] Please note that you have to achieve the basic level of Cyber Essentials before you can be assessed for Cyber Essentials PLUS.

[2] 1 Site, 1 Network, <25 Users

 

* All pricing excludes VAT

cyber-essentials-badge
cyber_essentials_plus_badge

IASME Assessment

The IASME standard was developed over several years during a Technology Strategy Board funded project to create an achievable cyber security standard for small companies.  The international standard, ISO27001, is comprehensive but extremely challenging and often costly for a small company to achieve and maintain.  The IASME standard is written along the same lines as the ISO27001 but specifically for small companies.

The IASME standard allows SMEs in a supply chain an effective and affordable way to demonstrate their level of cyber security, offering assurance that they are able to properly protect their customers’ information.

The IASME standard and assessment is included (free of charge) within CES assessments. Organisations considering being assessed against the IASME standard in conjunction with CES, should familiarise themselves with the additional IASME requirements prior to commitment.

A Special Offer for Cyber Resilience Week

Cyber Resilience Week, 11-15 September

4Secure are offering registered UK charities with a limited time special offer to coincide with Cyber Resilience week which runs from 11th until 15th September 2017.

The following discounts are available during this time:

Cyber Essentials £225 plus VAT (representing a saving of £75)
IASME Governance £250 plus VAT (representing a saving of £150)

captcha