Cyber Essentials Security Review & Gap Assessment
Cyber Essentials – Is your business protected?
What is Cyber Essentials?
Cyber Essentials is a Government-backed and industry-supported scheme that is part of the UK’s National Cyber Security Programme. The main objective of Cyber Essentials is to ensure that organisations have effectively implemented the controls required by the Scheme, in order to defend against the most common and unsophisticated forms of cyber attacks.
The scheme provides organisations with:
There are two levels of certification that can be achieved:
Cyber Essentials requires the organisation, with help from a practitioner, to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
Cyber Essentials Plus covers the same requirements as Cyber Essentials but tests of the systems are carried out by an external certifying body, using a range of tools and techniques.
Why your business needs Cyber Essentials
UK businesses are failing basic security measures
The annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, found that many UK companies are not following the basic security steps laid out as part of the Cyber Essentials scheme. For this reason, these businesses are not adequately equipped to pass the Cyber Essentials certification.
Cyber Essentials protects your business from the 65,000+ annual cyber attacks
Why do you need a GAP Analysis before taking the Cyber Essentials Assessment?
1. Self-assessment is not the best route
2. Avoid costly repercussions of short-sighted advice
3. Avoid failing the Assessment
The real benefit of a GAP analysis is that your provider should work with you until you are ready to be certified. ESyn3rgy’s approach ensures that you only need to go through the process once.
4. The GAP analysis offers exceedingly valuable insight, at no extra cost
ESyn3rgy will work with your organisation to deliver detailed security guidance whilst preparing your staff through education and awareness to meet the standard and the certification. The GAP analysis addresses the 5 recommended mitigation strategies and controls, and helps to identify gaps in your existing security approach. This will ultimately improve cyber security standards across your organisation, with free, detailed reporting across non-compliance, remediation and guidance.
CYBER SECURITY SPECIALISTS IN THE UK
Why we are positioned to help
ESyn3rgy specialises in strategic technology planning. We deliver independent advice, robust systems thinking and interdisciplinary expertise in support of our mission: we are here to help you choose the right initiatives so that your technology is always enabling your business goals. Established in 2011, we are based in the UK and offer decades of industry experience working within the Public Sector amongst key Government Departments.
We have successfully implemented and continue to support what would be considered to be the most critical of systems – the infrastructure of one of the UK’s major blue light services. We are trusted by our Government Departments to manage and secure sensitive IT and infrastructure systems, including those classified as highly critical.
Cyber Security is a specialised field, requiring thorough knowledge of all prevailing and emerging security technologies. It also requires a clear understanding of the current threat landscape and the latest defence best-practice. Our Cyber Security team, comprising CISSP and CISM certified professionals, is trusted by the businesses and organisations we serve to assist in navigating the myriad of options available, aligned to budget and need.
How we will help you pass and achieve certification
ESyn3rgy’s fully-trained Cyber Essentials consultants will help you with preparation before your Cyber Essentials assessment
Our team is able to run through and offer guidance on the questionnaire, and conduct an assessment of your controls to make sure you are compliant. The result will help you to understand what you may need to do before applying for your certification, and we will of course help you get there as quickly as possible. We manage the complete process, including annual re-certification.
Achievement of Cyber Essentials is via a 5-stage process with ESyn3rgy, which provides support throughout
1. Gap Analysis
We provide a full, on-site, Gap Analysis comparing the organisation’s “as is” position against that required for compliance with the Cyber Essentials framework, taking into account context/scope. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies.
2. Report & Action Plan
Following the Gap Analysis, we produce a report and fully costed action plan, identifying good practice and areas of improvement, to help you understand what you need to do before applying for certification.
As part of this consultation service you will receive:
- Assessment of financial, reputational and regulatory risk of potential exposure to data loss
- Risk comparison with peer organisations of similar operation and scale
- Risk assessment and profile of key third parties
- Alignment with best practice and protection against known threats
- Protection against emerging threats such as social networks, crime-ware and advanced persistent threats
- Exposure to regulations such as the Data Protection Act, by taking a data-centric approach; analysing data flows, repositories, people, process and third parties to ensure that your security programme has a solid grounding
- External vulnerability scan
Depending on your organisation’s ability to resource corrective actions, ESyn3rgy can act as a lead for the in-house corrective action, or we can take a more hands-on approach and work with the organisation to implement and document the corrective action.
The majority of changes required are likely to be system administration or minor modifications. In some cases, there may be a requirement for additional or replacement hardware and software. This approach will ultimately protect your organisation, as you will be aware of any investment needed at this stage, rather than paying for a certification programme up front that you cannot achieve without the additional investment.
With all the actions completed and the standards of the Cyber Essentials framework met, we will run a ‘dummy’ assessment for you and re-run the external vulnerability scan.
5. Completion of the Cyber Essentials Assessment and Submission to the Assessment Body
ESyn3rgy will sign off the questionnaire and will facilitate submission to the assessment body. (Note that ESyn3rgy is not able to provide the accreditation, but we are able to provide the pre-assessment consultancy.)
Set up a Gap Analysis for your organisation
ESyn3rgy is offering a free 2021 Cyber Essentials Gap Analysis, to ensure your organisation passes and achieves the certification
Gary Witheat | Sales Manager
Mobile +44 (0) 7725 472 228
Direct +44 (0) 1604 264 137