Investing in cyber security certification

If you are looking to invest in a cyber security certification then this blog is for you.

Introduction

IASME is one of just five companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. The Scheme focuses on the five most important technical security controls. These controls were identified by the government as those that, if they had been in place, would have stopped the majority of the successful cyber attacks over the last few years.

The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The UK Government, in consultation with trade associations and industry groups, recently recognised the IASME standard as the best cyber security standard for small companies. The IASME Governance self-assessment includes the Cyber Essentials assessment as well as an assessment against the requirements of the GDPR.

Despite the prevalence of cyber threats, too few organisations afford cyber security the seriousness it demands. Whilst you may not consider your own business at risk, many attacks exploit vulnerabilities. If your organisation has the vulnerability in question, you could be a target by default. Think of the speculative burglar stumbling upon an unlocked door or open window!

Solutions don’t have to be complicated or expensive. Cyber Essentials, for example, is a Government-backed certification that assesses good cyber security practice whilst simultaneously stimulating business opportunities and supporting legal responsibilities.

The scheme was originally introduced following Government concern that organisations were not implementing the basic measures that protect against an ever-growing cyber threat. It covers 5 core areas identified as those that, had measures been in place, would have prevented the majority of attacks over recent years. The 5 areas are:

Access Control - preventing unhappy staff or external cyber criminals making system changes.
Secure Configuration - locking any open doors not required.
Software Updates - preventing cyber criminals using mistakes in software as a way to enter your system.
Anti-Malware - spotting and immobilising viruses before they have the chance to cause harm.
Firewalls/Routers - providing the protection between computers and the internet.

As more organisations seek the assurance of a cyber secure supply chain, Cyber Essentials certification can positively contribute to winning new business opportunities. Initially led by the public sector, the private sector is now increasingly mandating or actively encouraging certification.

The Information Commissioner describes cyber security and data protection as being ‘inextricably linked’. Indeed, GDPR requires ‘appropriate security of personal data’ as a core principle. The Information Commissioner’s Office values the dynamics of Cyber Essentials in helping secure personal data.

As Cyber Essentials focusses on technical measures, organisations may enhance security further by implementing good people and practice governance, which can also be certified against the likes of IASME Governance or ISO 27001.

‘Invest’ is not usually a word associated with cyber solutions, yet, investing in security can contribute to business growth and continued prosperity. To download the Cyber Essentials or IASME Governance questions free of charge, please visit www.iasme.co.uk.
