Cyber Essentials Scheme
Cyber Essentials
Cyber Essentials is a government-backed, industry-supported scheme to help protect organisations against common cyber-attacks.
Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks.
By design, the scheme addresses the most common Internet-based threats to cyber security—particularly attacks that use widely available tools and demand little skill, such as hacking, phishing, and password guessing.
Sapphire and Cyber Essentials
Sapphire makes it easy for companies to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation.
We work closely with organisations to understand their challenges and concerns and provide recommendations and guidance to achieve certification.
Cyber Essentials Plus Assessment
The Cyber Essentials Plus assessment is a more comprehensive detailed security audit that can result in a PASS or FAIL. Anything that is not internet-facing can be excluded from the scope. Think vulnerability assessment meets audit without a formal penetration test. The five areas we cover as part of a Cyber Essentials Plus assessment are:
cyber essentials
Why Sapphire?
Detailed: We evaluate and refine the five controls that protect against the most common enterprise attacks: access and privilege management, network configurations, patch management, malware protection, and perimeter security.
Trusted: Receiving approved certification of cyber security capabilities improves your appeal as a ‘trusted supplier’ for large companies and is now a must for many Government contracts.
Experienced: The organisation will be guided through the process by a team with over 25 years of cyber experience, securing some of the world’s largest companies at a competitive price.
cyber essentials
IASME Cyber Assurance
The Information Assurance for Small to Medium-sized Enterprises (IASME) Cyber Assurance is a structured way for an organisation to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture.
IASME Cyber Assurance is designed to guide the SME where needed and then assess their level of maturity.
IASME Cyber Assurance is designed to guide the SME where needed and then assess their level of maturity.
External Testing
Test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill methods.
Internal Testing
These tests assess defence against attacks that originate externally but involve some form of an internal user action, or which are difficult to test directly from the Internet.
Authenticated Vulnerability Scan of Devices
Identify missing patches and security updates that leave vulnerabilities that threats within the scope of the scheme could easily exploit.
Check Malware Protection on EUD
To check that all of the EUDs in scope benefit from at least a basic level of malware protection.
Check the Effectiveness of EUD defenses – Email
To test whether or not EUDs are protected against malware that is delivered via email attachments.
Check the Effectiveness of EUD defences – Website
To test whether or not EUDs are protected from malware delivered through a website.