The Cyber Essentials (CE) scheme has grown a lot since its first launch in 2014. Together with the “10 Steps to Cyber Security”, it has become an essential part of the UK’s government’s cyber security toolkit.
There is no right answer in security, as there are always a number of factors to take into account, such as the capability of threat actor, the business need, the risk appetite, etc. That’s why publications like the 10 Steps and ISO27000 offer ingredients (ie security controls) but leave it to individual organisations to concoct recipes based on their individual circumstances.
CE developed a common recipe based on evidence of the attacks we were seeing at the time. It was not intended to be a silver-bullet for all forms of cyber-attack, but to offer organisations a first step in their journey to protecting themselves in cyber space.
How did they select the controls?
Through using the risk scenario, they were able to select and justify the 5 controls that they believed were the minimum needed to ensure an organisation was confident it was adequately protecting its system.
Organisations often have competing priorities for resources and therefore, they focused on a small number of technical controls that if implement consistently would make a tangible difference to an organisation’s cyber security and would minimise the damage caused when someone opened a malicious attachment or clicked on a link.
Fera Science has been awarded CE Scheme certification against cyber-attack helping us guard you against the most common cyber threats and demonstrate our commitment to cyber security.