Does My Business Need Cyber Essentials or IASME?
The public perception of hacking is one of shady individuals with lots of high-tech equipment breaking into a server. However, low-tech methods (email phishing and password theft) are far more common and effective ways of stealing data and carrying out cybercrime. This issue is never going away, and it has increased in pace over recent years, but we can take measures to protect our data and systems. Government and industry have developed and introduced measures to help us do this; Cyber Essentials and IASME are two such solutions.
What is Cyber Essentials?
Initially launched in 2014 as a collaboration between the UK government and technology industries, Cyber Essentials is designed to help businesses, regardless of size, protect their data and systems against the most common threats from the cyberworld. It encourages good policy and practice, helping employees at all levels understand threats and what they can do to protect the business.
Cyber Essentials focuses on 5 specific areas of technical security:
- Firewalls
- Secure configuration
- Access control
- Malware protection
- Patch management
There are two grades:
- Cyber Essentials standard is the first grade. Organisations seeking this badge conduct a self-assessment of their security measures, and their responses are reviewed by a certification body.
- Cyber Essentials Plus includes an independent external verification that the 5 areas of technical controls have been implemented effectively. Here, a certification body examines and tests the business's information systems security before certification is obtained.
What is IASME?
IASME entered the marketplace in 2010 and is designed to help smaller organisations improve their cyber security. The IASME Governance standard was recently recognised as the best cyber security standard for small companies by the UK Government.
The standard is aimed at small and medium businesses which often struggle to afford the resources and financial cost of more complex security certifications such as ISO27001. Like Cyber Essentials, IASME is available as a self-assessment and an audited certification, with the audited IASME certification seen as a realistic alternative by an increasing number of companies.
Where Cyber Essentials focuses on 5 specific areas of technical control, IASME expands on this to include wider areas of governance including risk assessment, change control, written policies, personnel security, training, vulnerability assessment, data protection, contracts, and the specific requirements of GDPR.
How Each Can Benefit Your Business
The most important point to note for Cyber Essentials is that it focuses on 5 of the most critical security issues identified as being responsible for most cyber-attacks. Implementation of Cyber Essentials will eliminate the majority of vulnerabilities. Many high-profile cyber-attacks could have been avoided by following the basic principles of Cyber Essentials.
Where Cyber Essentials will help you to implement and demonstrate the 5 areas of technical control, Cyber Essentials Plus will provide you with independent verification that you are doing so effectively.
The IASME standard maps to ISO27001 (the most internationally recognised security management standard), allowing you to demonstrate to customers and suppliers how seriously you take cyber security. It can be daunting and expensive to seek full ISO27001 accreditation, whereas IASME is cost-effective, saves time, and is instantly recognisable. As the IASME standard includes the requirements of Cyber Essentials and focuses directly on the requirements of GDPR, there is a cost and time benefit to using the standard to guide your security and compliance projects.
Do you require IASME or Cyber Essentials accreditation? First Stop IT is a well-known provider of both data security standards, helping you protect your digital assets.
If you would like more information or advice on Cyber Essentials or IASME, call First Stop IT on 0345 450 7876 or use our contact form.