Cyber Essentials Certification – All you need to know
Cyber Essentials certification is a scheme prescribed by the National Cyber Security Centre (NCSC), a UK government organization that advises and supports both the public and private sectors in maintaining a reasonable level of cybersecurity. As the Cyber Essentials website puts it, the scheme helps protect organizations, irrespective of their size, against a whole range of the most common cyber attacks.
Three Levels of Engagement
- Familiarize yourself with cybersecurity terminology and gain enough knowledge to begin securing your IT.
- To gain more certainty about your organization’s cybersecurity, go for the entry-level, self-certified Cyber Essentials certification.
- Going a step further, go for Cyber Essentials Plus certification, which includes a third-party assessment.
Cyber Essentials v. Cyber Essentials Plus
The Cyber Essentials certificate can be obtained by conducting a self-assessment exercise. Obtaining certification gives you peace of mind that your organization’s IT infrastructure will withstand the vast majority of cyberattacks. The process of obtaining this certificate is simple and costs somewhere around £300. The focus of this certificate is limited to addressing the basics and preventing the most common attacks.
Cyber Essentials Plus involves independent verification of an organization’s cybersecurity controls by a Certification Body recognized by the NCSC. The process for obtaining Cyber Essentials Plus is accordingly more rigorous than that of the entry-level certification.
In either case, an organization can opt to get help from a certification body by paying the appropriate fees.
Cyber Essentials and GDPR
The GDPR has been enacted to guarantee the privacy and protection of personal data of individuals residing in the European Union. Although it is a comprehensive piece of legislation, it does not provide a checklist of measures an organization must take. The Cyber Essentials certification can help an organization fulfil some of the requirements of the GDPR, but it is not a foolproof solution for meeting all the obligations outlined in the GDPR.
Data protection experts consider the Cyber Essentials certification a good starting point for complying with GDPR requirements. The scope of the GDPR extends beyond cybersecurity and includes the physical and organizational security measures that are necessary to protect personal data.
Cyber Essentials & Government Contracts
For UK government contracts that require the handling of sensitive and personal information or the provision of certain technical services and products, the bidder must hold the Cyber Essentials certification to participate in the bid.
How to get certified?
NCSC prescribes three steps to certification –
- Select a Certification Body through one of NCSC’s Accreditation Bodies. (Directory available here)
The first step is to select an Accreditation Body from the directory. An organization looking for the Cyber Essentials certification can read the details of each Accreditation Body and choose the one that seems the best fit. Once this is done, you need to select a Certification Body from the list of Certification Bodies available on the selected Accreditation Body’s website. Note that it is the Certification Body that evaluates an organization’s cybersecurity and awards the Cyber Essentials certificate.
- Verify your IT is suitably secure.
The Cyber Essentials certification has a detailed set of requirements for an organization’s IT. Before moving to the next step, an organization must ensure that its IT infrastructure meets these requirements. An organization may be required to provide various pieces of evidence to the Certification Body in order to complete the certification process.
- Complete the self-assessment questionnaire.
Once your organization’s IT infrastructure meets the requirements, the organization is ready to complete the Certification Questionnaire, which is then submitted to the Certification Body. The questionnaire is supplied to the organization by the relevant Certification Body.
What are the benefits of getting the Cyber Essentials certification?
As stated previously, the certification helps UK-based organizations guard against the most common cyber threats and demonstrate their commitment to cybersecurity. Some of the prominent benefits are as follows –
- It focuses on the basics, such as –
- Securing the internet connection
- Securing devices and software
- Controlling access to organizational data and services
- Protecting IT infrastructure from viruses and other types of malware
- Keeping devices and software up to date
- The certification helps reassure customers that an organization is committed to, and working on, securing its IT against cyber-attacks.
- It assists in attracting new business with the assurance that the organization has cybersecurity measures in place.
- It provides a clear picture of an organization’s cybersecurity level.