What is Cyber Essentials Plus?

A Cyber Essentials scheme was created to assist businesses in prevention against common Cyber attacks and within this scheme lies two stages: Cyber Essentials Standard and Cyber Essentials Plus.

Alongside Cyber Essentials Verified Self-Assessment, Cyber Essentials are technical assessment to add further confirmation and assurance that the controls stated in the Cyber Essentials for your organisation are effectively implemented into your network Many desktop publishing packages and web page editors

This will be done with one of our assessors from the IASME Cyber Certification Body who will then conduct a remote audit of your organisations systems.

Audit Steps
  • Vulnerability scan: Your network will undergo a vulnerability scan to check that your basic configurations are up to standard.
  • External venerability assessment: Your public IP address will be scanned for any vulnerabilities.
  • Internal vulnerability assessment: A vulnerability assessment will be performed on a sample of your devices. We will be looking for any critical vulnerabilities, misconfigurations and unsupported software.
  • Email and browser test: We will test your email scanner and default browsers to examine how secure they are. Essentially you be hoping that your email and browser security measures detect malicious emails and files in order to pass this stage.
  • Screenshots will be captured for evidence

In order to be verified with Cyber Essentials  Plus your organisations systems must pass all the stages audited, of course you should hope for little to no vulnerabilities. In assessing, vulnerabilities are categorised as per their CVSS score.

These categories being Critical, High, Medium and Low. should any vulnerabilities be discovered, they should be rectified, failure to do this in the period of 30 days will result in a failure. In the case of a pass, your organisation will receive a Cyber Essentials s Plus verification which is valid for 12 months from certification date thus needing to be annually renewed.

 
Frequently asked questions
Most frequent questions and answers
How do I prepare for a Cyber Essentials Plus audit? Most my organisation be based in the UK to be certified?

Remove software that isn’t used regularly from every device

Software should be updated on every device and server. Your organisation can be based internationally and still receive a certification

What are the five key controls?

1) Secure configuration

2) User access control

3) Firewalls

4)Malware protection

5)Security update management

Why should you get Cyber Essentials?

Certified cyber security
Reassure customers that you are working to secure your IT against cyber attack

Attract new business with the promise you have cyber security measures in place
You have a clear picture of your organisation’s cyber security level
Some Government contracts require Cyber Essentials certification

Cyber Essentials Plus Get A Quote
Twitter
LinkedIn
LinkedIn
Share