Cyber Essentials Plus

CCSW have continued with our drive to promote the Cyber Essentials Plus scheme. Thus, leading to significant benefits for our clients. We’ve established a system that makes the process seamless. We also ensure our clients understand the security changes and the benefits of the improvements:

• Reassure customers that you are working to secure your IT against cyber attack.
• Attract new business with the promise you have cyber security measures in place.
• Give a clear picture of your organisation’s cyber security level.
• Grow business as some Government contracts require Cyber Essentials certification.

In every case involving Cybercrime that I’ve been involved in. I’ve never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren’t supposed to do. They read an email or went to a website they weren’t supposed to.

Frank Abagnale

The Audit

The aim of the Cyber Essentials assessment is to confirm Cyber Essentials controls are in place on the organisations network. Firstly, Cyber Essentials Plus involves an audit of your system by a trained assessor. As a result, clients can declare your organisation has been proven to meet security standards set out by Cyber Essentials. This enables you to interact with clients, business partners and staff confidently and securely.

The key elements of a Cyber Essentials Plus audit can be summarised as follows:

• An assessor will pick a sample of computers at your organisation (up to 5 of each type of machine depending on scale of your network) and perform an audit. This will ensure the devices are configured as per the scheme.
• A security scan will be performed on these machines to confirm patching and basic configuration is at an acceptable level.
• An external port scan of your internet facing IP addresses will be conducted. As a result of which, no clear and obvious security issues should be identified.
• Your email/internet browser will be tested to confirm how well configured they are. As a result will prevent fake and malicious files.
• Screenshots will be taken as evidence that the system is Cyber Essentials compliant.