Cyber Essentials is a UK Government backed scheme, providing a proactive approach to guarding against a range of common cyber-attacks. This is achieved through the strengthening of five key areas:
- Securing of your Internet connection
- Securing of your devices and software
- Controlling access to your data and services
- Protection against viruses and other malware
- Keeping your devices and software up to date
The Benefits
Across the University we are seeing an increasing expression of interest for this scheme. In addition to improving recommended UK Government security approaches and general I.T. hygiene, the certification is increasingly being requested as part of contractual agreements to facilitate University and external partner collaborations.
Through applying the five control areas listed, University departments and units will be better placed to protect valuable information under their care, and evidence the due diligence undertaken.
What pathways are available to certification?
Basic, or entry level Cyber Essentials is achieved through a self-assessment approach, while Cyber Essentials Plus provides additional security assurance through external independent verification. Please check with your University research or contracts manager to confirm which certification you need in the first instance.
The IT Services Research Manager should then be contacted via the IT Service Desk to determine if your requirements can be met through onboarding onto the University’s Research VPN network. This is certified to the basic level. Depending on the complexity and logistics involved, and if your needs cannot be met through this existing service, then a separate Cyber Essentials certification will be required. The following two sections set out the support channels to help you achieve your own certification. Please remember once obtained, certification needs to be renewed on an annual basis.
Achieving Cyber Essentials: Self-help
IASME who are the Cyber essentials Consortium Partner have put together a Cyber Essentials Readiness Toolkit. This is an excellent resource that will help you create a personal action plan, providing guidance towards meeting the Cyber Essentials requirements.
The detailed Cyber Essentials self-assessment questionnaire can be downloaded from – https://iasme.co.uk/cyber-essentials/free-download-of-cyber-essentials-self-assessment-questions/
Need more Help?
Jisc offers a Cyber Essentials and Cyber Essentials Plus as a Service consultancy; to assist you in navigating the various certification requirements including:
- An understanding of scope
- Assessment of current environment
- Recommendations to address identified control gaps
- Assistance with review of the questionnaire
- Acting as a trusted liaison between requestor and assessor
If you would like to learn more about how Jisc may assist you in achieving the Cyber Essentials certification, please contact professional.cyberservices@jisc.ac.uk
The IT Security team are also happy to discuss requirements and give advice if you need or are considering your own certification. If you would like to learn more about how we may assist you in achieving the Cyber Essentials certification please contact the IT Security Team via the IT Service Desk Service Desk