Cyber Essentials is a Government backed scheme to assist businesses put in place controls to protect themselves against the increased number of cyber-attacks originating through the Internet and emails. The purpose of the scheme is to provide a clear statement of what controls have been put in place to protect against cyber threats. The controls must demonstrate how an organization is addressing cyber security effectively and are capable of mitigating risks coming from cyber-threats.
Cyber Essentials ensure data protection and helps companies to understand how data is used, secured or compromised. There are one of two Cyber Essentials badges, backed by the Federation of Small Businesses, the CBI, and many insurance companies who offer incentives to businesses.
The scheme focuses on the following five essential mitigation strategies within the context of the 10 Steps to Cyber Security guide.
Organisations are offered guidelines for implementation of cyber essentials and provided with independent certification for those who want it.
Providing a fundamental level of protection, the cyber essentials scheme enables organizations to practice robust cyber security principles and make it their unique selling point for attracting new business. Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously.
The Cyber Essential Controls can be mapped against the controls required by ISO/IEC 27001, the Standard of Good Practice, and IASME Governance, although Cyber Essentials has a narrower focus, emphasising technical controls rather than governance, risk, and policy.