The Cyber Essentials scheme has been developed by the UK Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation’s vulnerability.
The Cyber Essentials Scheme focuses on Internet-originated attacks against an organisation’s IT system. Cyber Essentials concentrates on five key controls. These are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management