A background to Cyber Security
In 2012, HM Government launched the 10 Steps to Cyber Security guide. This guide was published to inspire organisations to reflect their cyber security measures, and to establish whether organisations thought they were managing their cyber risks appropriately.
The 10 steps created great awareness in industry but after careful analysis the government discovered that a number of security controls were still not being implemented effectively, hence the Cyber Essentials scheme and its requirements being born.
What are the 10 steps?
- Information risk management regime –
- Managing user privileges - limit user privileges and monitor user activity
- Incident management – Incident response and disaster recovery capabilities
- Monitoring – Continuously monitor all systems and network logs for unusual activity
- Home and mobile working – Implement mobile working policies and train staff to adhere
- Secure configuration – Security patch and configuration management
- Removable media controls – Implement policies to control access to all removable media
- Malware prevention – Establish anti-malware defences across your organisation
- User education and awareness – Staff awareness training
- Network security – Monitor and test all security controls
From 1 October 2014, Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme, this is a compulsory pre-requisite before entering in to any works.
Cyber Essentials focuses on five crucial approaches within the context of the 10 Steps to Cyber Security guide.
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Kayo and Cyber Essentials
Recent reports show that the number of cyber attacks is increasing, threats are becoming more sophisticated and are constantly adapting to complex IT environments, systems and corporate connections.
Having Cyber Essentials allows us to demonstrate to our customers that their data is protected, and we take management of their information seriously. Having this accreditation boasts that at Kayo we are constantly taking the necessary steps to reduce cyber risks to our business, developments and customers sensitive information.