What is the Cyber Essentials scheme, and how do we comply?
21st August 2014
Alastair Stewart
IT Governance Ltd
www.itgovernance.co.uk
Introduction 
• Alastair Stewart 
• PCI DSS Consultant at IT Governance Ltd 
• Cyber Essentials Consultant & Trainer 
• Associate of (ISC)2 for CISSP 
© IT Governance Ltd 2014 
Agenda
• Cyber breaches: key facts
• What sorts of breaches?
• An overview of Cyber Essentials
• The requirements of CES
• IT Governance: a CREST-accredited certification body
• Meeting the CES requirements at your own pace and within budget
• How documentation aids compliance
• Going beyond CES
• Using CES as part of your wider cyber resilience
Cyber breaches: key facts
“60% of breached small organisations close down within 6 months” – National Cyber Security Alliance
• In 2013, 81% of large organisations and 61% of small organisations suffered data breaches.
• The median number of breaches per company was:
  Large organisations: 16
  Small organisations: 6
• Average cost of the worst single breach:
  Large organisations: £600k - £1.15m
  Small organisations: £65k - £115k
• 59% of respondents expect more breaches this year than last.
PwC and BIS: 2014 ISBS Survey
What sorts of breaches?
Of large organisations:
• External attack – 55%
• Malware or viruses – 73%
• Denial of service – 38%
• Network penetration (detected) – 24%
  – (if you don’t think you’ve been breached, you’re not looking hard enough)
• Know they’ve suffered IP theft – 16%
• Staff-related security breaches – 58%
• Breaches caused by inadvertent human error – 31%
PwC and BIS: 2014 ISBS Survey
Cyber Risk: How Should Boards Respond?
[Diagram: Governance of Cyber Security. Labels: Board; Cyber risk environment; Business objectives; Evaluate proposals; Direct plans & policies; Monitor performance / conformance; Security management; Business and IT, activities and processes.]
“Corporate governance consists of the set of processes, customs, policies, laws and institutions affecting the way people direct, administer or control a corporation.” (Wikipedia)
Management “is the act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively.” (Wikipedia)
Governance ≠ Management
Cyber Security Framework
Effective cyber security depends on resilience: co-ordinated, integrated preparations for rebuffing, responding to and recovering from a wide range of possible attacks.
• A strategy is essential.
• A management system is fundamental.
• Defence, continuity, and recovery must each be provided for.
• No single stand-alone solution is sufficient.
• Money will be required.
• 80% of breaches could be prevented through basic security ‘hygiene’.
Why assess Cyber Security risk?
Demands for assurance
74% of respondents say their customers prefer dealing with suppliers with proven cyber security credentials, while 50% say their company has been asked about its information security measures by customers in the past 12 months.
The need for increased compliance
Given our findings, and the fact that the existence of the best-practice information security standard ISO/IEC 27001 is known to 87% of respondents, it is striking that only 35% of responding organisations are compliant with the standard.
The Cyber Essentials Scheme
• A government scheme designed to make the UK a safer place for online business
• Part of the government’s National Cyber Security Strategy
• Outlines requirements for mitigating the most common internet-based threats
• Designed not to exclude SMEs
Background to CES
• Has evolved from other schemes and HMG guidance, such as:
  – 10 Steps to Cyber Security
  – Small Businesses: What you need to know about cyber security
• Forms the next stage from these schemes
• Gives practical controls to implement
• Involves a level of independent testing to give assurance to other parties
• Designed as a security profile for all businesses to follow
• Addresses SME-specific challenges in implementing cyber security
Certification Options
• Cyber Essentials
  – Self-assessed by completing a questionnaire
  – Certification bodies will verify compliance
  – Different CBs will use different methods to verify compliance
• Cyber Essentials Plus
  – All of the previous option
  – Also includes independent vulnerability testing
• The different options don’t indicate the security stance, but the robustness of the check on the security stance
Scoping Controls of CES
• The scope should be clearly defined at the start of a CES project
• It should include internal and external systems
• You should consider service providers, such as cloud service or hosting providers
• Should exclude bespoke or highly complex IT systems (SCADA, POS, etc.)
• A meaningless scope creates a useless implementation
The CES Controls
1. Boundary firewalls and internet gateways
   Objective: Information, applications and computers within the organisation’s internal networks should be protected against unauthorised access and disclosure from the internet, using boundary firewalls, internet gateways or equivalent network devices.
2. Secure Configuration
   Objective: Computers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.
3. User Access Control
   Objective: User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively and provide the minimum level of access to applications, computers and networks.
The CES Controls
4. Malware Protection
   Objective: Computers that are exposed to the internet should be protected against malware infection through the use of malware protection software.
5. Patch Management
   Objective: Software running on computers and network devices should be kept up to date and have the latest security patches installed.
Certification Bodies
• Accreditation bodies
  – Accredit or license organisations to be certification bodies
  – Ensure certification bodies are competent and able to implement the certification process
• Certification bodies
  – Must meet the requirements set out by the accreditation bodies
  – Must follow the accreditation body’s certification scheme
• Currently only two ABs: IASME and CREST
• IASME CBs can only certify to CE
• CREST CBs can certify to CE and CE+
IT Governance Ltd: a CREST-approved CB
• We follow CREST’s certification scheme
• Allows certification at both levels
• CE is verified by external vulnerability scanning
  – Provides a more robust check than just the questionnaire
• CE+ uses internal vulnerability assessments
  – Assessments performed by CREST-approved penetration testers
How to comply?
IT Governance can help.
We are a CREST member and a CREST-accredited certification body for CES.
We offer three solutions for certification.
DO-IT-YOURSELF
  ✓ Certification
You implement the requirements yourself and we provide certification subject to compliance.
GET A LITTLE HELP
  ✓ Training
  ✓ Toolkit
  ✓ Online help
  ✓ Certification
We give you the implementation tools and provide certification subject to compliance.
GET A LOT OF HELP
  ✓ On-site consultancy
  ✓ Toolkit
  ✓ Certification
We show you how to implement the requirements and provide certification subject to compliance.
Why us?
• CREST approved
• Able to offer both CE and CE+ certification
• Perform both the external and internal scanning in house
• Expertise surrounding cyber resilience
• Able to integrate CES into other information security standards
The Toolkit
• Designed to aid in meeting the controls
• Includes policy and procedure templates
• Utilises record templates
• Includes a Gap Analysis tool
The Gap Analysis Tool
• Easy and simple interface
• Lists all the controls and requirements
• Offers locations to find further guidance
• Clear and simple summary layout to show progress
Why Policies and Procedures?
• Most effective way of implementing the controls and maintaining compliance
  – Allows you to set the accepted standard for the five control areas
  – Responsibility for the controls can be assigned through policies
  – Effectiveness of the controls can be monitored
  – Procedures for implementing the controls can be developed and standardised
• Writing policies requires a level of understanding of management systems
Beyond CES
• CES is derived from ‘10 Steps to Cyber Security’
  – Only covers 5 of the 10
• Mapped to ISO/IEC 27001 & 27002
• Mapped to PCI DSS
• Compliance with another standard doesn’t automatically mean compliance with CES
Next steps to consider
• Evolve your CES into an ISMS and create a robust and cyber-resilient system for your business processes.
• Consider the Cloud Controls Matrix (CCM) as well as protecting devices with BYOD policies and procedures.
• Make the right choice for a permanent solution.
ISO27001: The Cyber Security Standard
ISO/IEC 27001, together with the international code of practice, ISO/IEC 27002, provides a globally recognised standard and best-practice framework for addressing the entire range of cyber risks.
- Could be a first step to ISO27001
- Could add strength to an existing ISMS
Benefits
Being Cyber Resilient:
• Impress stakeholders
• Impress customers
• Protect reputation
• Protect jobs
• Reduce insurance costs
• Major cost saving
• Survival
• Avoid significant disruption
• Win new business:
  - Existing markets
  - Supply chain assurance
  - Contracting with HMG
Any Questions?
For more information on our products and services you can simply email us here: team@itgovernancepublishing.co.uk
Or call us on: +44 (0)1353 771107
Cyber Essentials: A Pocket Guide – £3.49
Cyber Essentials Gap Analysis Tool – £19.95
Cyber Essentials Documentation Toolkit – £99.95
DIY Package: CE £400; CE Plus £1,150
‘Get a little help’ Package: CE £885; CE Plus £1,635
‘Get a lot of help’ Package: CE £1,245; CE Plus £1,995

Más contenido relacionado

La actualidad más candente

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
Bryan Len
 

La actualidad más candente (20)

Physical Security
Physical SecurityPhysical Security
Physical Security
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Strategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity RiskStrategies for Managing OT Cybersecurity Risk
Strategies for Managing OT Cybersecurity Risk
 
Implementing cybersecurity best practices and new technology ppt (1).pptx
Implementing cybersecurity best practices and new technology ppt (1).pptxImplementing cybersecurity best practices and new technology ppt (1).pptx
Implementing cybersecurity best practices and new technology ppt (1).pptx
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
IBM Security QRadar
 IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Automated incident response
Automated incident responseAutomated incident response
Automated incident response
 

Destacado

Governance - how does information & security drive your architecture
Governance - how does information & security drive your architectureGovernance - how does information & security drive your architecture
Governance - how does information & security drive your architecture
Randy Williams
 

Destacado (11)

27 Nov 2013 CDE creating effective proposals part 1 of 2
27 Nov 2013 CDE creating effective proposals part 1 of 227 Nov 2013 CDE creating effective proposals part 1 of 2
27 Nov 2013 CDE creating effective proposals part 1 of 2
 
Computer - TYPES OF MORDEM E-PAYMENT SYSTEM
Computer - TYPES OF MORDEM E-PAYMENT SYSTEMComputer - TYPES OF MORDEM E-PAYMENT SYSTEM
Computer - TYPES OF MORDEM E-PAYMENT SYSTEM
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
 
Governance - how does information & security drive your architecture
Governance - how does information & security drive your architectureGovernance - how does information & security drive your architecture
Governance - how does information & security drive your architecture
 
Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)Introduction to cyber security by cyber security infotech (csi)
Introduction to cyber security by cyber security infotech (csi)
 
Data Driven Cybersecurity Governance
Data Driven Cybersecurity GovernanceData Driven Cybersecurity Governance
Data Driven Cybersecurity Governance
 
U.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity GovernanceU.S. Approach to Cybersecurity Governance
U.S. Approach to Cybersecurity Governance
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governance
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 

Similar a What is the UK Cyber Essentials scheme?

EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
Scott Baron
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptxColorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
AkramAlqadasi1
 

Similar a What is the UK Cyber Essentials scheme? (20)

How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
UMASS-NISTCSF-October-2016-Presentation-rev2.pptx
UMASS-NISTCSF-October-2016-Presentation-rev2.pptxUMASS-NISTCSF-October-2016-Presentation-rev2.pptx
UMASS-NISTCSF-October-2016-Presentation-rev2.pptx
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #2
SynerComm's Tech TV  series CIS Top 20 Critical Security Controls #2SynerComm's Tech TV  series CIS Top 20 Critical Security Controls #2
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #2
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance  at CloudSec 2015 Kuala LumpurCybersecurity Assurance  at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for Defense
 
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationHow to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical Information
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Cmgt 430 cmgt430 cmgt 430 education for service uopstudy.com
Cmgt 430 cmgt430 cmgt 430 education for service   uopstudy.comCmgt 430 cmgt430 cmgt 430 education for service   uopstudy.com
Cmgt 430 cmgt430 cmgt 430 education for service uopstudy.com
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptxColorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
 

Más de IT Governance Ltd

Más de IT Governance Ltd (20)

GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Risk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR complianceRisk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR compliance
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 

Último

Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 

Último (20)

Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7

What is the UK Cyber Essentials scheme?

  • 1. What is the Cyber Essentials scheme, and how do we comply?
    21st August 2014
    Alastair Stewart, IT Governance Ltd
    www.itgovernance.co.uk
  • 2. Introduction
    • Alastair Stewart
    • PCI DSS Consultant at IT Governance Ltd
    • Cyber Essentials Consultant & Trainer
    • Associate of (ISC)2 for CISSP
    © IT Governance Ltd 2014
  • 3. Agenda
    • Cyber breaches: key facts
    • What sorts of breaches?
    • An overview of Cyber Essentials
    • The requirements of CES
    • IT Governance; a CREST-accredited certification body
    • Meeting the CES requirements at your own pace and within budget
    • How documentation aids compliance
    • Going beyond CES
    • Using CES as part of your wider cyber resilience
  • 4. Cyber breaches: key facts
    • In 2013, 81% of large organisations and 61% of small organisations suffered data breaches.
    • The median number of breaches per company was: large organisations 16; small organisations 6.
    • Average cost of the worst single breach: large organisations £600k - £1.15m; small organisations £65k - £115k.
    • 59% of respondents expect more breaches this year than last.
    Source: PwC and BIS: 2014 ISBS Survey
    "60% of breached small organisations close down within 6 months" – National Cyber Security Alliance
  • 5. What sorts of breaches?
    Of large organisations:
    • External attack – 55%
    • Malware or viruses – 73%
    • Denial of Service – 38%
    • Network penetration (detected) – 24%
      – (if you don’t think you’ve been breached, you’re not looking hard enough)
    • Know they’ve suffered IP theft – 16%
    • Staff-related security breaches – 58%
    • Breaches caused by inadvertent human error – 31%
    Source: PwC and BIS: 2014 ISBS Survey
  • 6. Cyber Risk: How Should Boards Respond?
    [Diagram: Governance of Cyber Security – the Board evaluates proposals, directs plans & policies and monitors performance and conformance, driven by business objectives and the cyber risk environment; beneath it sit Security Management and the business and IT activities and processes.]
    “Corporate governance consists of the set of processes, customs, policies, laws and institutions affecting the way people direct, administer or control a corporation.” (Wikipedia)
    Management “is the act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively.” (Wikipedia)
    Governance ≠ Management
  • 7. Cyber Security Framework
    Effective cyber security depends on resilience: co-ordinated, integrated preparations for rebuffing, responding to and recovering from a wide range of possible attacks.
    • A strategy is essential.
    • A management system is fundamental.
    • Defence, continuity, and recovery must each be provided for.
    • No single stand-alone solution is sufficient.
    • Money will be required.
    • 80% of breaches could be prevented through basic security ‘hygiene’.
  • 8. Why assess cyber security risk?
    Demands for assurance: 74% of respondents say their customers prefer dealing with suppliers with proven cyber security credentials, while 50% say their company has been asked about its information security measures by customers in the past 12 months.
    The need for increased compliance: given our findings, and the fact that the existence of the best-practice information security standard ISO/IEC 27001 is known to 87% of respondents, it is striking that only 35% of responding organisations are compliant with the standard.
  • 9. The Cyber Essentials Scheme
    • A government scheme designed to make the UK a safer place for online business
    • Part of the government’s National Cyber Security Strategy
    • Outlines requirements for mitigating the most common internet-based threats
    • Designed not to exclude SMEs
  • 10. Background to CES
    • Has evolved from other schemes and HMG guidance such as:
      – 10 Steps to Cyber Security
      – Small Businesses: What you need to know about cyber security
    • Forms the next stage from these schemes
    • Gives practical controls to implement
    • Involves a level of independent testing to give assurance to other parties
    • Designed as a security profile for all businesses to follow
    • Addresses SME-specific challenges in implementing cyber security
  • 11. Certification Options
    • Cyber Essentials
      – Self-assessed by completing a questionnaire
      – Certification Bodies will verify compliance
      – Different CBs will use different methods to verify compliance
    • Cyber Essentials Plus
      – All of the previous option
      – Also includes independent vulnerability testing
    • The different options don’t indicate the security stance, but the robustness of the check on the security stance
  • 12. Scoping Controls of CES
    • The scope should be clearly defined at the start of a CES project
    • It should include internal and external systems
    • You should consider service providers such as cloud service or hosting providers
    • Should exclude bespoke or highly complex IT systems (SCADA, POS etc.)
    • A meaningless scope creates a useless implementation
  • 13. The CES Controls
    1. Boundary firewalls and internet gateways – Objective: Information, applications and computers within the organisation’s internal networks should be protected against unauthorised access and disclosure from the internet, using boundary firewalls, internet gateways or equivalent network devices.
    2. Secure Configuration – Objective: Computers and network devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.
    3. User Access Control – Objective: User accounts, particularly those with special access privileges (e.g. administrative accounts), should be assigned only to authorised individuals, managed effectively and provide the minimum level of access to applications, computers and networks.
  • 14. The CES Controls (continued)
    4. Malware Protection – Objective: Computers that are exposed to the internet should be protected against malware infection through the use of malware protection software.
    5. Patch Management – Objective: Software running on computers and network devices should be kept up-to-date and have the latest security patches installed.
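The five control objectives on slides 13 and 14 can be turned into a mechanical check over an asset inventory, which is the kind of work a gap analysis does before a self-assessment questionnaire is submitted. The script below is an added example written for this page; it is not IT Governance's Gap Analysis Tool and not part of the scheme. The host inventory is constructed, the field names are invented, and the two numeric thresholds (a 14-day patch window and a 7-day signature age) are assumptions chosen for illustration rather than figures taken from the scheme.

```python
"""Gap-analysis check of a host inventory against the five Cyber Essentials
control areas (boundary firewalls, secure configuration, user access control,
malware protection, patch management).

Added example: this is not IT Governance's Gap Analysis Tool. The inventory
below is constructed, and the two numeric thresholds are assumptions chosen
for illustration, not figures taken from the scheme."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set

PATCH_WINDOW_DAYS = 14       # assumed: oldest uninstalled security patch may not exceed this age
SIGNATURE_MAX_AGE_DAYS = 7   # assumed: malware signatures older than this count as stale

FIREWALL = "1. Boundary firewalls and internet gateways"
CONFIG = "2. Secure configuration"
ACCESS = "3. User access control"
MALWARE = "4. Malware protection"
PATCHING = "5. Patch management"
CONTROLS = (FIREWALL, CONFIG, ACCESS, MALWARE, PATCHING)


@dataclass
class Host:
    name: str
    internet_facing: bool
    firewall_enabled: bool
    inbound_default: str                  # "deny" or "allow"
    listening_services: Set[str]          # what the host actually exposes
    required_services: Set[str]           # what its role needs
    admin_accounts: Set[str]              # accounts holding administrative rights
    authorised_admins: Set[str]           # named individuals approved for admin rights
    malware_protection: bool
    signatures_updated: Optional[date]    # None if no protection or never updated
    oldest_missing_patch: Optional[date]  # release date of oldest uninstalled security patch; None = fully patched


def check_host(host: Host, today: date) -> Dict[str, List[str]]:
    """Return {control: [gap descriptions]} for one host; an empty list means compliant."""
    gaps: Dict[str, List[str]] = {c: [] for c in CONTROLS}

    # Control 1 applies to hosts reachable from the internet: a boundary device
    # must exist and must deny inbound connections unless explicitly allowed.
    if host.internet_facing:
        if not host.firewall_enabled:
            gaps[FIREWALL].append("no firewall between host and the internet")
        elif host.inbound_default != "deny":
            gaps[FIREWALL].append(f"inbound default is '{host.inbound_default}', expected 'deny'")

    # Control 2: provide only the services the role requires.
    unneeded = host.listening_services - host.required_services
    if unneeded:
        gaps[CONFIG].append("services not required by role: " + ", ".join(sorted(unneeded)))

    # Control 3: administrative rights only for authorised, named individuals.
    unauthorised = host.admin_accounts - host.authorised_admins
    if unauthorised:
        gaps[ACCESS].append("admin rights held by unauthorised accounts: " + ", ".join(sorted(unauthorised)))

    # Control 4 applies to internet-exposed computers: protection present and current.
    if host.internet_facing:
        if not host.malware_protection:
            gaps[MALWARE].append("no malware protection installed")
        elif host.signatures_updated is None or (today - host.signatures_updated).days > SIGNATURE_MAX_AGE_DAYS:
            gaps[MALWARE].append("malware signatures missing or stale")

    # Control 5: security patches installed within the assumed window.
    if host.oldest_missing_patch is not None:
        age = (today - host.oldest_missing_patch).days
        if age > PATCH_WINDOW_DAYS:
            gaps[PATCHING].append(f"security patch outstanding for {age} days (limit {PATCH_WINDOW_DAYS})")

    return gaps


def gap_report(hosts: List[Host], today: date) -> Dict[str, List[str]]:
    """Summarise the estate: {control: sorted names of hosts with at least one gap}."""
    report: Dict[str, List[str]] = {c: [] for c in CONTROLS}
    for host in hosts:
        for control, found in check_host(host, today).items():
            if found:
                report[control].append(host.name)
    return {c: sorted(names) for c, names in report.items()}


# Constructed inventory, dated to the presentation (21 August 2014).
TODAY = date(2014, 8, 21)
SAMPLE_HOSTS = [
    Host("web01", True, True, "deny", {"https", "ssh", "ftp"}, {"https", "ssh"},
         {"alice", "svc_backup"}, {"alice"}, True, date(2014, 8, 20), date(2014, 7, 15)),
    Host("laptop07", True, False, "allow", {"rdp"}, set(),
         {"bob"}, {"bob"}, False, None, None),
    Host("files01", False, True, "allow", {"smb"}, {"smb"},
         {"alice"}, {"alice"}, True, date(2014, 8, 11), date(2014, 8, 18)),
]

if __name__ == "__main__":
    for control, names in gap_report(SAMPLE_HOSTS, TODAY).items():
        print(f"{control}: {', '.join(names) or 'no gaps'}")
```

Run as-is it prints one line per control naming the hosts that fall short; in the constructed inventory the internet-facing laptop fails controls 1, 2 and 4, the web server fails 2, 3 and 5, and the internal file server passes. Controls 1 and 4 are only evaluated for internet-facing hosts because that is how the slide objectives scope them; the scope decisions from slide 12 determine which hosts go into the inventory in the first place.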
  • 15. Certification Bodies
    • Accreditation bodies
      – Accredit or license organisations to be certification bodies
      – Ensure certification bodies are competent and able to implement the certification process
    • Certification bodies
      – Must meet the requirements set out by the accreditation bodies
      – Must follow the accreditation bodies’ certification scheme
    • Currently only two ABs: IASME & CREST
    • IASME CBs can only certify to CE
    • CREST CBs can certify to CE and CE+
  • 16. IT Governance Ltd; a CREST-approved CB
    • We follow CREST’s certification scheme
    • Allows certification at both levels
    • CE is verified by external vulnerability scanning
      – Provides a more robust check than just the questionnaire
    • CE+ uses internal vulnerability assessments
      – Assessments performed by CREST-approved penetration testers
  • 17. How to comply? IT Governance can help.
  • 18. We are a CREST member and a CREST-accredited certification body for CES.
  • 19. We offer three solutions for certification.
    • DO-IT-YOURSELF: Certification. You implement the requirements yourself and we provide certification subject to compliance.
    • GET A LITTLE HELP: Training, Toolkit, Online help, Certification. We give you the implementation tools and provide certification subject to compliance.
    • GET A LOT OF HELP: On-site consultancy, Toolkit, Certification. We show you how to implement the requirements and provide certification subject to compliance.
  • 20. Why us?
    • CREST approved
    • Able to offer both CE and CE+ certification
    • Perform both the external and internal scanning in house
    • Expertise surrounding Cyber Resilience
    • Able to integrate CES into other information security standards
  • 21. The Toolkit
    • Designed to aid in meeting the controls
    • Includes policy and procedure templates
    • Utilises record templates
    • Includes a Gap Analysis tool
  • 22. The Gap Analysis Tool
    • Easy and simple interface
    • Lists all the controls and requirements
    • Offers locations to find further guidance
    • Clear and simple summary layout to show progress
  • 23. Why Policies and Procedures?
    • Most effective way of implementing the controls and maintaining compliance
      – Allows you to set the accepted standard for the five control areas
      – Responsibility for the controls can be assigned through policies
      – Effectiveness of the controls can be monitored
      – Procedures for implementing the controls can be developed and standardised
    • Writing policies requires a level of understanding of management systems
  • 24. Beyond CES
    • CES is derived from ‘10 Steps to Cyber Security’
      – Only covers 5 of the 10
    • Mapped to ISO/IEC 27001 & 27002
    • Mapped to PCI DSS
    • Compliance with another standard doesn’t automatically mean compliance with CES
  • 25. Next steps to consider
    • Evolve your CES into an ISMS and create a robust and cyber resilient system for your business processes.
    • Consider the Cloud Controls Matrix (CCM) as well as protecting devices with BYOD policies and procedures.
    • Make the right choice for a permanent solution.
  • 26. ISO27001: The Cyber Security Standard
    ISO/IEC 27001, together with the international code of practice, ISO/IEC 27002, provides a globally recognised standard and best-practice framework for addressing the entire range of cyber risks.
    – CES could be a first step to ISO27001
    – CES could add strength to an existing ISMS
  • 27. Benefits of being cyber resilient
    • Impress stakeholders
    • Impress customers
    • Protect reputation
    • Protect jobs
    • Reduce insurance costs
    • Major cost saving
    • Survival
    • Avoid significant disruption
    • Win new business:
      – Existing markets
      – Supply Chain Assurance
      – Contracting with HMG
  • 28. Any Questions?
    For more information on our products and services you can simply email us here: team@itgovernancepublishing.co.uk
    Or call us on: +44 (0)1353 771107
    • Cyber Essentials: A Pocket Guide – £3.49
    • Cyber Essentials Gap Analysis Tool – £19.95
    • Cyber Essentials Documentation Toolkit – £99.95
    • DIY Package – CE: £400; CE Plus: £1,150
    • ‘Get a little help’ Package – CE: £885; CE Plus: £1,635
    • ‘Get a lot of help’ Package – CE: £1,245; CE Plus: £1,995