Monday 24 November 2014

Cyber Essentials Scheme

Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks.

The scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, Government believes that action should begin with a core set of security controls which all organisations – large and small – should implement. Cyber Essentials defines what these controls are.

This seems like an interesting development - I read it as a minimal set of IT controls that should be put in place to deliver IT security (as opposed to _information_ security), before information risk analyses take place.