Cyber Essentials & Cyber Essentials Plus

Who is it for?

Let’s start with the basics: Cyber Essentials is a UK Government backed scheme that is specifically designed for protecting organisations against common cyber-attacks.

Upon passing the scheme, your business receives a Cyber Essentials certification, a listing on the Cyber Essentials database, and you may also be entitled to Cyber Insurance. Cyber Essentials can be used either to certify your entire organisation, or it can be focused on a specific business unit provided that there is suitable network segregation.

The government took action in 2014 to reduce the security risk within their supply chain by introducing a mandate for any organisation embarking on a government contract to be certified against the Cyber Essentials scheme.

Cyber Essentials was introduced by the UK government to help organisations mitigate 80% of cyber threats. The National Cyber Security Centre (NCSC) encourages all organisations that are based in or trading with the UK to implement either the Cyber Essentials or Cyber Essentials Plus scheme.

How can we help?

Secarma consists of an experienced group of cybersecurity experts,
highly skilled in penetration testing, training, and consultancy.

Drawing on experience gained over 20 years in business, and with a strong reputation to match, Secarma is the best choice for your cybersecurity needs; We’re continuously investing in research, internal training, and technical development to ensure we provide our customers with the best service.

Our consultative approach is how we stand out from the competition. We put you in touch with one of our experienced testers from the get-go, meaning you’ll have an expert by your side throughout the process.

Our consultants are all highly accredited, passionate, and proficient not just at hacking into your systems, but also communicating to senior management and security teams how they achieved this.

By working with us, you can give your security team a better idea of what to expect, and
prepare your business for real-world attacks.

What we test

Cyber Essentials Basic:

Cyber Essentials Basic requires you to answer a series of questions covering key aspects of your information security – this helps you to understand your organisations strengths and identify your weaknesses.

Cyber Essentials Plus:

On the day of testing, our expert assessor will complete the following
activities

• External Vulnerability Scan of public facing IPs
• Internal Vulnerability Scan with credentials on a sample of end user
  devices and server
• Account Segregation Test on end user devices
• Anti Malware testing
• Review of MFA implementation

To achieve certification, all tests must be passed. Should any remedial work be required then you will have 30 days to make any changes and then undergo re-testing.

The areas of vulnerability that Cyber Essentials aims to assess include:

• Firewalls
• Secure Configuration
• Security Update Management
• User Access Controls
• Password Based Authentication
• Malware Protection

By implementing these technical controls, your organisation can defend itself against the most common cyber threats whilst being part of the endeavour to make the UK one of the safest places to do business.

Achieving Cyber Essentials Plus not only demonstrates an enhanced commitment to cyber
security but also allows one of our technical auditors to review the implementation of security controls to ensure that they are in place and effective.