Cyber Essentials – A guide to Cyber Essentials and Cyber Essentials Plus certifications Cyber attacks are a fact of life in the information age. For any organisation that connects to the Internet, the issue is not if an attack will come, but when. Most cyber attacks are performed by relatively unskilled criminals using tools available online. These attacks are often opportunistic: looking for easy targets rather than rich pickings. The Cyber Essentials scheme is a UK government-backed effort to encourage UK-based organisations to improve their cyber security by adopting measures (called controls) that defend against common, less-sophisticated cyber attacks. The scheme recommends practical defences that should be within the capability of any organisation. The Cyber Essentials scheme has two levels: The basic Cyber Essentials; and Cyber Essentials Plus. This first part of this book will examine the various threats that are most significant in the modern digital environment, their targets and their impacts. It will help you to understand whether your organisation is ready for Cyber Essentials or Cyber Essentials Plus certification. The second part of the book presents a selection of additional resources that are available to help you implement the controls or become certified.

• Cover
• Title Page
• Copyright Page
• About the Author
• Acknowledgements
• Contents
• Chapter 1: The Cyber Essentials scheme
  • Why get certified?
  • Which contracts require Cyber Essentials?
  • What am I protecting?
  • Beyond and outside Cyber Essentials
  • Structure of this book
• Part 1: Requirements for basic technical protection from cyber attacks
  • Chapter 2: Types of attack
    • Social engineering
    • Denial of service (DoS)
    • Password attacks
    • Threats outside the perimeter
    • Misconfiguration and unpatched vulnerabilities
    • Ransomware
    • Scoping
    • Implementation and documentation
  • Chapter 3: Technical control themes
    • Technical control theme 1: Firewalls
    • Technical control theme 2: Secure configuration
    • Technical control theme 3: User access control
    • Technical control theme 4: Malware protection
    • Technical control theme 5: Security update management
    • Further guidance from Cyber Essentials
• Part 2: Gaining cyber essentials certification
  • Chapter 4: Certification
    • Externally managed services and scope
    • Cyber Essentials checklist
    • Cyber Essentials certification process
    • Getting certified – Cyber Essentials Plus
• Appendix 1: Further assistance
  • Practical help and consultancy
  • Useful documents and further information
  • The next step – cyber security standards
  • Staff training
  • Cyber resilience
• Appendix 2: IT Governance resources
  • Certification only
  • Get A Little Help
  • Get A Lot Of Help
  • Cyber Essentials Plus Health Check
  • Penetration testing
  • Gap analysis
  • GRC eLearning courses
• Further reading