Companies holding sensitive data such as employee or customer information, who have implemented good security controls to reduce the risk of attack by cyber criminals, want to demonstrate or prove this in some way.
Additionally, you may have to demonstrate that your company follows best practice information security to become an approved supplier to a larger enterprise.
Cyber Essentials Certification gives peace of mind that defences a company has in place will protect it against the vast majority of common cyber attacks.
Cyber Essentials is a UK Government backed scheme designed to guard against the most common internet based cyber security threats and encourages organisations of all sizes, but particularly SME’s, to demonstrate their commitment to cyber security.
What BH Consulting provide, is security expertise to guide clients through the certification process, to ensure that the Cyber Essentials self-assessment is carried out in a compliant manner. We aim to clarify the requirements so that they are understood and answered appropriately.
There are five control areas covered by Cyber Essentials, in summary these are:
1. Boundary Firewalls and Internet Gateways
Ensuring all devices that are connected to the internet are protected by a properly configured firewall. An internet gateway can deny access to users within your organisation to websites or other online services that present a threat.
2. Secure Configuration for devices and software
Systems and software must be configured in the most secure way for the needs of the organisation. Password management and policies are also a key part of this control area.
3. Access control
Controlling who has access to systems and at what level.
4. Malware protection
Ensuring that virus and malware protection is installed and is up to date, plus ensuring there is sufficient user awareness.
5. Patch management
Attackers constantly identify and exploit software vulnerabilities. Checking that the latest supported version of software is used and all necessary patches have been applied.
Our Security Consultant conducts an interview with key personnel, to first identify the scope of the assessment and then proceed through the Cyber Essentials questionnaire to start documenting answers and carrying out a Gap Analysis.
We then provide a report of recommendations around implementing additional security measures to close any gaps.
As a final step, we complete and submit the documentation to the Certification body and provide the Certification once the process is complete.
This service can be carried out remotely.