Cyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications
By Alan Calder
About this ebook
Cyber attacks are a fact of life in the information age. For any organisation that connects to the Internet, the issue is not if an attack will come, but when. Most cyber attacks are performed by relatively unskilled criminals using tools available online. These attacks are often opportunistic: looking for easy targets rather than rich pickings.
The Cyber Essentials scheme is a UK government-backed effort to encourage UK-based organisations to improve their cyber security by adopting measures (called controls) that defend against common, less-sophisticated cyber attacks. The scheme recommends practical defences that should be within the capability of any organisation.
The Cyber Essentials scheme has two levels:
- The basic Cyber Essentials; and
- Cyber Essentials Plus.
The first part of this book will examine the threats that are most significant in the modern digital environment, their targets and their impacts. It will help you to understand whether your organisation is ready for Cyber Essentials or Cyber Essentials Plus certification.
The second part of the book presents a selection of additional resources that are available to help you implement the controls or become certified.
Cyber Essentials
A guide to the Cyber Essentials and Cyber Essentials Plus certifications
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing Ltd
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernancepublishing.co.uk
© Alan Calder, 2023.
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First edition published in the United Kingdom in 2023 by IT Governance Publishing.
ISBN 978-1-78778-436-9
Cover image originally sourced from Shutterstock®.
ABOUT THE AUTHOR
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.
Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).
He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
ACKNOWLEDGEMENTS
I would like to thank Nigel Evans, Technical Writer at GRC International Group Plc, for his help developing the material in this book.
CONTENTS
Chapter 1: The Cyber Essentials scheme
Why get certified?
Which contracts require Cyber Essentials?
What am I protecting?
Beyond and outside Cyber Essentials
Structure of this book
Part 1: Requirements for basic technical protection from cyber attacks
Chapter 2: Types of attack
Social engineering
Denial of service (DoS)
Password attacks
Threats outside the perimeter
Misconfiguration and unpatched vulnerabilities
Ransomware
Scoping
Implementation and documentation
Chapter 3: Technical control themes
Technical control theme 1: Firewalls
Technical control theme 2: Secure configuration
Technical control theme 3: User access control
Technical control theme 4: Malware protection
Technical control theme 5: Security update management
Further guidance from Cyber Essentials
Part 2: Gaining Cyber Essentials certification
Chapter 4: Certification
Externally managed services and scope
Cyber Essentials checklist
Cyber Essentials certification process
Getting certified – Cyber Essentials Plus
Appendix 1: Further assistance
Practical help and consultancy
Useful documents and further information
The next step – cyber security standards
Staff training
Cyber resilience
Appendix 2: IT Governance resources
Certification only
Get A Little Help
Get A Lot Of Help
Cyber Essentials Plus Health Check
Penetration testing
Gap analysis
GRC eLearning courses
Further reading
CHAPTER 1: THE CYBER ESSENTIALS SCHEME
Cyber attacks are a fact of life in the information age. For any organisation that connects to the Internet, the issue is not if an attack will come, but when. Most cyber attacks are performed by relatively unskilled criminals using tools available online. These attacks are often opportunistic: looking for easy targets rather than rich pickings.
The Cyber Essentials scheme is a UK government-backed effort to encourage UK-based organisations to improve their cyber security by adopting measures (called controls) that defend against common, less-sophisticated cyber attacks. The scheme recommends practical defences that should be within the capability of any organisation. Cyber Essentials is the digital equivalent of a locked front door and closed windows, rather than barbed wire, guard patrols and watchtowers.
The Cyber Essentials scheme was created in 2014 by the National Cyber Security Centre (NCSC), which is a part of the UK government. There was a major update to the scheme in 2022, which changed some of the requirements, and a smaller update in January 2023. These changes were largely prompted by developments in