Cyber Essentials Scheme
As a CREST accredited Certifying Body, MTI can now help organisations achieve Certification to the new Cyber Essentials Scheme (CES) driven by the UK Government. MTI consultants can support the process from start to finish including assisting in completing self-assessments, conducting the tests and supporting on the remediation controls to achieve a pass, at which point MTI issues a Cyber Essentials Certificate.
The Cyber Essentials Scheme (CES) has been developed by Government (BIS), industry and accreditation authorities to fulfil two functions:
1. Provide a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based Cyber Security threats.
2. Through the Assurance Framework (comprising of annual assessments and certification delivered by approved Certification Bodies), offer a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
The CES defines a set of basic cyber hygiene controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill and are widely available online. However, it is not designed to address more advanced, targeted attacks.
From 1st October 2014 CES certification will be mandated for companies bidding for certain government contracts that include handling sensitive and personal information.1
CREST’s version of the CES assessment currently comprises two stages: