Cyber Security Awareness Training
Cyber Security Awareness Training is probably the first real step towards cyber resilience (after becoming aware that you need cyber awareness training that is!). To be resilient, an organisation not only needs to be able to defend against cyber attacks, but also to recover effectively and quickly if a system problem emerges.
We consider Cyber Essentials to be the obvious next step, because the 5 technical controls harness the power of software that will already be on the system to automatially protect, with assistance of course from users who are aware (e.g. passwords). The cost of getting these controls working effectively could well be minimal! Once achieved, Cyber Essentials certification comes with free cyber liability insurance (up to £25000). You may wish to also get audited (Cyber Essentials plus). No further training is required for that, but you do need to allow an NCSC-approved vulnerability tester into your system.
Once those five technical controls are working effectively, other standards should be considered that use morte robust user controls, and management controls. This can be achieved through Cyber Assurance, PCI-DSS, or ISO27001.
If an organisation is only at the awareness level, do not be too worried... the fact that you are thinking about improving awareness puts you ahead of many other organisations who have yet to even take that first step.
Other Products and Services from Regola Digital Consulting
Cyber Essentials Preparation
Some IT people find the Cyber Essentials guidance intuitive; many business people find the language and concepts more demanding. We are here to support businesses! over 250000 certificates have now be awarded, but some businesses do fail. Prepare well, and that won't be you.
It is normal for a business to take the Cyber Essentials assessment and be told by the assessor that they have a small number of corrections to make, and they are given a small window of time. Few get it completely right first time. What a business would not want, however, to do is take Cyber Essentials and then comprehensively fail it.
To prepare businesses for assessment, we offer microbusinesses a service of 30 minutes free discussion, with a follow-up and a clearly written set of "do's and don'ts". Extra time and consultancy beyond this is available, but will be charged at the normal consultancy rate. After the 30 minutes, we point businesses at the self-help facilities available on the IASME website.
We are a Certification Body (the only one in South Devon) and do plenty of assessing ourselves. If you sign up for assessment through us, rather than through IASME, you'll get our friendly and comprehensive service right through to certification, and on to cyber essentials plus (within 90 days) if you so wish.
Cyber Assurance Level 2 (and ISO27001)
Cyber Assurance Level 1 is about identifying and engaging with the user and management controls that create Cyber Resilence. Technical controls are good, but not enough if the people processes fail.
Level 2 requires evidence to back up the claim made about compliance with the user and management controls requirements.
Because ISO27001 is also ebvidence based, it is fair to say that Cyber Essentials and Cyber Asurance Level 2 have equivalence with ISO27001.
However, ISO27001 will always be at the top of the pyramid, so for those businesses that need it and can afford it should strive for that gold standard
What is Cyber Resilience?
This was a buzzword, but it has crept into legislation. What does it mean? Quite simply, it refers to ability to recover its systems quickly after an attack. If a business doesn't recover quickly (i.e. within 10 days) it may never recover.
We think all businesses should aim for Cyber Essentials. This is only about 5 technical controls but if correctly implemented they will stop 80% of attacks. Really good cyber security, or Cyber Resilience, cannot happen overnight. It will be a journey that could last years. We can take even the smallest business through the various stages of getting good digital security that is suitable for them.
Every business is different. In this option, we look at the journey businesses can take beyond Cyber Essentials to develop a system that is truly resilient to attack, and quick to recover after one.
The next step may be Cyber Essentials plus. Or Cyber assurance (L1 then L2). Or ISO27001 (although, if starting from CE, that would be a very big step indeed!)
Regola Digital Consulting
Office 1.19, Torbay Business Centre, Lymington Road, Torquay, Devon, TQ1 4BD, United Kingdom
Regola are an NCSC approved Cyber Essentials Certification Body We offer a cost-effective service, based on many years experience of offering expert advice to SMEs so they cover the basics of technical security. We specialise in UK Government's Cyber Essentials (CE) and have assessed over 150 clients. As an accredited Certification Body for both CE and CE+, and IASME Cyber Assurance, we offer customised guidance to help businesses achieve valued cyber security certifications to assure partners and clients. The Cyber Essentials scheme also provides free Cyber Liability insurance up to £25000 for smaller UK companies who achieve certification. It is especially beneficial for SMEs aiming to secure government contracts or reassure clients that their information is well-protected.