The UK Government has launched its Cyber Essentials Scheme. According to the Coalition, the scheme provides clarity to organisations on what good cyber security practice is and sets out the steps they need to follow to manage cyber risks.
Once organisations have been independently assessed against the best practice recommendations, they can apply for the Cyber Essentials award. This will demonstrate to customers that a business has achieved a defined level of cyber security and takes it seriously. The new scheme also applies to other organisations, including universities, charities and public bodies.
Universities and Science Minister David Willetts said: “Cyber Essentials is an easy-to-use, cost-effective way to help businesses and the public sector protect themselves against the risks of operating online. Organisations will now be able to easily demonstrate they are cyber safe – reassuring their clients, boosting confidence and profitability. I encourage all organisations to adopt it.” Details of the scheme can be found at https://www.gov.uk/government/publications/cyber-essentials-scheme-overview.
The Cyber Essentials profile is now available to download. Organisations can self-assess now and, from this summer, will be able to apply for independent assessment and formal certification, leading to the award of a Cyber Essentials badge.
Despite not being laws, international information security frameworks such as ISO 27001 and PCI DSS are seen by some as minimum contractual requirements. With a growing number of new laws and regulations, how can organisations ensure they address the ever-increasing compliance challenges around digital security and data protection imposed by their governments? So asks Alan Calder, Founder and Executive Chairman of IT Governance. He says: “The intersection between regulation and cyber security is becoming more overt. If you look at the various laws and regulations worldwide, you will recognise that cyber security underpins most of them in one way or another. For example, the Data Protection Act in the UK, the Protection of Personal Information Act (POPI) in South Africa, the Health Insurance Portability and Accountability Act in the US and other state-level breach laws have all been enacted to protect personal data.
“Adopting a joined-up approach to compliance and cyber security will become increasingly important for organisations. It will enable them to protect their information assets while complying with various legislative and regulatory requirements more efficiently.”
Cyber security is driven by a number of factors, he suggests, including governmental security concerns, customer and stakeholder pressure, corporate competitiveness and survival.
Calder adds: “The approach to compliance and the approach to cyber security are very similar – in both cases an organisation needs to take process, people and technology into account, while ensuring that the confidentiality, integrity and availability (CIA) of information is kept intact. The CIA model is at the basis of every information security management system, but it’s also very relevant to compliance.”