CREST works with UK Government to roll out Cyber Essentials

CREST certifies the first companies to deliver Cyber Essentials assessment

5 June 2014:   The UK Government has today announced the launch of its Cyber Essentials Scheme, following successful pilot assessments, managed and reviewed by CREST, the not-for-profit organisation that represents and certifies the technical information security industry. Details of the first security companies accredited by CREST to deliver Cyber Essentials assessment services are available at:  http://www.cyberessentials.org/companies

Universities and Science Minister David Willetts said:  “The recent GOZeuS and CryptoLocker attacks, as well as the Ebay hack, shows how far cybercriminals will go to steal people’s financial details, and we absolutely cannot afford to be complacent. “We already spend more online than any other major country in the world, and this is in no small part because Britain is already a world leader in cybersecurity. Developing this new scheme will give consumers further confidence that business and government have defences in place to protect against the most common cyber threats.”

The Cyber Essentials Scheme is part of UK Government’s National Cyber Security Strategy and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from internet-borne threats. Systems that fall within its scope include internet connected end-user devices such as desktop PCs, laptops, tablets and smartphones, and internet connected systems including email, web and application servers. By successfully going through a Cyber Essentials assessment, organisations not only lower their risk of serious data and financial loss, but by displaying the Cyber Essentials badge they demonstrate to customers that they have taken steps to be fundamentally cyber safe.

CREST has worked alongside CESG, the Information Security arm of GCHQ, to develop the assessment framework for Scheme. As part of this engagement, CREST defined the policy, procedures and requirements for companies that will provide certification services under the Cyber Essentials Scheme. CREST has also produced the syllabus areas and examination structures that underpin the Scheme. In addition, through its members, CREST planned, conducted and reviewed the early Cyber Essentials pilot assessments.

“Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security,” explains Ian Glover president of CREST. “By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks.”