The UK government today officially launched its long awaited Cyber Essentials Scheme, a new accreditation initiative which could help improve baseline security for many British firms and enable them to differentiate based on their ability to withstand cyber threats.
The technical Cyber Essentials assessment framework was drawn up by CESG, the information security arm of GCHQ, and non-profit certs organization CREST, based on specs created by the Information Security Forum (ISF).
It covers “fundamental technical security controls” which firms need to have in place to deflect internet-based threats.
Organizations of all sizes can apply for accreditation, with the scheme covering a broad range of IT elements including end-user devices such as desktop PCs, laptops, tablets and smartphones, and internet-connected systems like email, web and application servers.
The scheme will be particularly useful to smaller UK organizations which have historically struggled to adequately address information security risk, according to CREST president, Ian Glover.
“They have believed that they someone else has been responsible for the security of their Internet connections and that the web applications they use have been developed with appropriate levels of security,” he told Infosecurity. “This is certainly not always the case and those wishing to cause harm now view them as a soft and often easy target.”
He claimed that the scheme would allow such businesses “to access skilled, knowledgeable and competent security professionals working for trusted organizations at a price they can afford”.
“The Cyber Essentials scheme allows these organisations to take the first steps in securing their business,” Glover added. “It helps them to ensure that they have the cyber equivalent of closing the windows and locking the doors to their premises.
Displaying a Cyber Essentials ‘badge’ will also enable smaller businesses to demonstrate they have taken various steps to bolster information security. This de facto security kitemark could help them differentiate in the market whilst allowing IT buyers to make more informed decisions when purchasing goods and services.
The scheme was launched this morning by universities minister David Willetts and it will form another element of the government’s Cyber Security Strategy announced back in 2011.
Skyscape Cloud Services is one of the first businesses to adopt the scheme. Its CTO, Simon Hansford, said the scheme will help the firm demonstrate to its mainly public sector customers its “commitment to security”.
"Schemes such as this are crucial in order to equip businesses with the knowledge and actionable steps that will enable them to understand and recognise threat actors and reduce risks within their own organizations, and ultimately become more resilient and secure as a result,” he added.