Introducing Cyber Essentials
Cyber Essentials is a UK government-backed certification scheme that provides a framework for organisations to demonstrate that they have taken appropriate measures to secure their IT systems against cyber threats. The scheme defines 5 basic controls that organisations must implement to achieve certification:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Things to consider before seeking accreditation
We highly recommended you consider the following 5 points before you begin to seek accreditation. UIS can be on hand to discuss any of these with you to help make a better-informed choice.
1. Reasons why
Ask yourself, what are the reasons for achieving this accreditation? For example, it might be because doing this will reduce the cyber risk to the University, or it could be a condition of future grant funding. You might also want to be able to demonstrate that you are taking cyber security seriously and are making the required commitments to improve. We can discuss these and other factors with you to help you understand those reasons.
2. Starting out
- Commitment – Whatever your reasons for attaining Cyber Essentials accreditation, it will require a substantial commitment. It's a common misconception that it can be achieved with a small amount of work or change in working practice or behaviour.
- Resource – Once you've agreed to make the commitment, you'll needs to understand the resource obligation.
- Implementation – Some institutions may lack the necessary skills or expertise to implement Cyber Essentials effectively. Talk to UIS about the help we can provide.
3. Bring your own device (BYOD)
Access to your network and data can occur almost from anywhere. Users are increasingly expecting that they will be able to work on their own personal equipment. Cyber Essentials classes these as BYOD devices, which are devices that are unowned and unmanaged by the organisation. Cyber Essentials requires reporting of the status of all devices when accessing data or network resources. You can achieve this in a variety of ways, but it comes with challenges.
4. Culture
Much of the success in achieving Cyber Essentials accreditation is down to understanding that the working practice of staff within the scope has to change. Staff will need to adhere to technical, procedural and policy changes. We advise that it is best to understand the impact of the changes at the start of this process.
5. Understanding and adopting change
Once you have agreed a plan for Cyber Essentials accreditation, you'll likely realise that one of the biggest challenges is to ensure your institution understands the requirements and adapts to the changes. A successful outcome will depend on overcoming this challenge.
Learn from another team's experience of Cyber Essentials certification
The Signals Processing and Communications Laboratory, in the Department of Engineering, have now successfully achieved Cyber Essentials certification. If would like to read a case study about their experiences and you're a member of IT staff at Cambridge, please contact alm83@cam.ac.uk.
Contact us
Register your interest in attaining Cyber Essentials accreditation by contacting our Service Desk.