UK Government launches “Cyber Essentials” badge


The UK Government has launched a new cyber security certification framework called “Cyber Essentials”.

This is part of a continuing effort to get businesses to take cyber security seriously in the wake of the recent Target, eBay and other breaches. It follows the UK’s 2012 initiative on “10 Steps to Cyber Security”. It is backed by the American International Group Inc, British Insurance Brokers Association, the International Underwriting Association, Marsh and Swiss Re as well as the UK Government.

What does Cyber Essentials involve?

Basically, the organisation self-assesses its systems against Cyber Essentials requirements. The assessment is then independently verified. This is the low-cost option.

Organisations can also be independently tested (so-called “Cyber Essentials Plus”). Certification bodies will offer the test and verification services.

Cyber Essentials concentrates on five key controls:

• Boundary firewalls and internet gateways
• Secure configuration
• Access control
• Malware protection
• Patch management.

What does this achieve?

Cyber Essentials will offer a basic level of “cyber hygiene” but will not address more advanced targeted attacks that many of the big brands have suffered recently. It isn’t a comprehensive risk management programme of the sort that large organisations will be required to have in place. So all that money spent on ISO 27000 has not been wasted!

Nevertheless, Cyber Essentials aims to provide “basic protection from the most prevalent forms of threats coming from the Internet” and “cost effective basic cyber security for organisations of all sizes”.

Any impact for large organisations?

Large organisations may be tempted to get the badge. It can’t do any harm in dealing with consumers at a time when consumer unease about cyber security risk is increasing.

The UK Government has also said that it will require all suppliers bidding for certain contracts which are assessed as “higher risk” to be Cyber Essentials certified. It says that this is likely to include ICT and personal and sensitive information handling contracts. So, many who provide services to the public sector will almost certainly need the badge.

 


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising
