Cyber Essentials Scheme & IASME Governance

Cyber Essentials

Cyber Essentials is a government-backed, industry-supported scheme to help protect organisations against common cyber-attacks.

Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks.

By design, the scheme addresses the most common Internet-based threats to cybersecurity — particularly, attacks that use widely available tools and demand little skill including hacking, phishing and password guessing.

Sapphire and Cyber Essentials

Sapphire makes it easy for companies to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation.

We work closely with organisations to understand their challenges and concerns to provide recommendations and guidance to achieve certification.

Cyber Essentials Plus Assessment

The Cyber Essentials Plus assessment is a more comprehensive detailed security audit that can result in a PASS or FAIL. Anything that is not internet facing can be excluded from the scope. Think vulnerability assessment meets audit without a formal penetration test. The five areas we cover as part of a Cyber Essentials Plus assessment are:

Boundary firewalls and Internet Services
Secure Configuration
User Access Control
Malware Protection
Patch Management

To deliver the CE+ assessment Sapphire need to concentrate on the following areas:

Cyber Essentials: Why Sapphire?

Detailed

We evaluate and refine the five controls which protect against the most common enterprise attacks; access and privilege management, network configurations, patch management, malware protection, and perimeter security.

Trusted

Receiving approved certification of cybersecurity capabilities improves your appeal as a ‘trusted supplier’ for large companies and is now a must for many Government contracts.

Experienced

The organisation will be guided through the process by a team with over 26 years’ cyber experience securing some of the world’s largest companies at a competitive price.

IASME Governance

The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance Standard is a structured way for an organisation to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture.

The IASME Governance Standard is designed to guide the SME where needed and then assess their level of maturity.

Cyber Essential is an integral part of IASME Governance, which help to protect organisations against common cyber-attacks.

External Testing
Internal Testing
Authenticated Vulnerability Scan of Devices
Check Malware Protection on EUDs
Check the Effectiveness of EUD Defences – Email
Check the Effectiveness of EUD Defences – Website

External Testing

Test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill methods.

Internal Testing

These tests assess defence against attacks that originate externally but involve some form of an internal user action, or which are difficult to test directly from the Internet.

Authenticated Vulnerability Scan of Devices

Identify missing patches and security updates that leave vulnerabilities that threats within the scope of the scheme could easily exploit.

Check Malware Protection on EUDs

To check that all of the EUDs in scope benefit from at least a basic level of malware protection.

Check the Effectiveness of EUD Defences – Email

To test whether or not EUDs are protected against malware that is delivered via email attachments.

Check the Effectiveness of EUD Defences – Website

To test whether or not EUDs have protection from malware delivered through a website.

FREQUENTLY ASKED QUESTIONS (FAQS)

1. What is Cyber Essentials?

Cyber Essentials is a Government-backed scheme that provides a clear idea of the basic controls that businesses should implement.

Developed by the National Cyber Security Centre, Cyber Essentials was designed to protect businesses from 80% of all basic cybersecurity threats. Having a Cyber Essentials certification also proves to suppliers and partners an organisation’s credibility and trustworthiness.

a) Cyber Essentials
This is a foundation-level certification specifically designed to provide a self assessment of basic controls an organisation requires to mitigate risk from different common cyber threats.

b) Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provides more assurance that you are complying with the Cyber Essentials Scheme than the basic self-assessment level.

2. What is the difference between Cyber Essentials Plus and Cyber Essentials?

Because of the increased complexity of Cyber Essentials Plus, it is offered alongside additional support, including an on-site assessment and dedicated help desk support.

The standard Cyber Essentials accreditation requires organisations to fill in an online questionnaire and costs less to complete.

3. Does Cyber Essentials have an expiry date?

All certificates have a 12-month expiry date.

4. How much is the Cyber Essentials certification?

The cost of the Cyber Essentials self-assessment certification is £300 + VAT.

The cost of the Cyber Essentials Plus certification is based on the complexity and size of an organisation.

5. Is it valid for organisations outside the UK?

Yes, the certification is also issued to overseas organisations.

6. How long does it take to get certified?

For a business to become Cyber Essentials self-certified, it takes between 1-3 working days from the time of submission. However, organisations with a tight deadline can also contact the issuing body to fast-track the approval process.

A typical CE+ assessment is 3-5 days and as Sapphire are an IASME approved Certification Body, the certificate is available on completion of an audit.

An organisation has 90 days to pass CE+ on completion of Cyber Essentials basic.

7. Do Cyber Essentials certified organisations stand a better chance of winning Government contracts?

Yes, some government contracts stipulate applicants are Cyber Essentials Certified.

Gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation

Ready to achieve accreditation? Contact a member of our team today.