The government-approved Cyber Essentials certification programme offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential InfoSec precautions.
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes.
The five CE controls
1. Boundary firewalls and internet gateways – these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices, whether in hardware or software form, is important for them to be fully effective.
2. Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation.
3. Access control – ensuring that only those who should have access to systems have access, and at the appropriate level.
4. Malware protection – ensuring that virus and malware protection is installed and is up to date.
5. Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.
Contact us to order your Cyber Essentials package. We will arrange a date for your initial preparation meeting with a Cyber Essentials consultant.
84% of data breaches are caused by staff error (PwC 2014). Know that your business-critical data is safe.
Information Security Best Practice and Certification
Information, particularly personal client information, is increasingly recognised as a business-critical asset, forming the backbone of your organisation and driving growth.
Despite the importance of this information, the applied security is often overlooked, resulting in the vast majority of security breaches actually coming from within the organisation - a result of poor policy, procedures, staff training and awareness of security risks.
Many organisations are exploring the benefits of certifying to ISO 27001 as a means of letting their clients and business partners know that they take information security seriously.
However, following considerable research it has been found that whilst ISO 27001 is an excellent standard, it is expensive, time-consuming and fairly complex to implement, particularly for small and medium-sized businesses.
The ProSec2 framework was put together by a number of Senior law firm IT Directors following increasing demand from clients for best practice assurances. The new IS accreditation, ProSec2 is designed to be a 'lite' approach and potential alternative to ISO 27001.
Where ISO 27001 focuses on having a management system and controls in place, the ethos behind ProSec2 is education. We believe that a well-informed business that understands, operates and communicates IS best practices internally will benefit from improved processes, enhanced customer relations and ultimately an increase in business.
The UK government are now offering Security Consultancy grants of up to £5000 for small businesses.
The ProSec2 Framework
The ProSec2 framework is built on 5 best practice principles. Each principle has an associated objective and requirement. As part of the package we provide 10 fully editable IS Policy Templates for your use should you need them.
By completing the assessment and achieving accreditation you will be informing your clients that your business is following best practice in these key areas.
ProSec2 is a straightforward and affordable 4-stage process to accreditation, and the ProSec2 standard will give your clients the comfort that a best practice framework is in place. In addition, once accredited, your business is more than halfway to ISO if you wish to carry on.
As ProSec2 has a strong emphasis on education, we also believe that self-policing is an important part of the accreditation, and therefore our auditors only want to know that the best practices are understood and policies are active.
The straightforward and transparent audit process is carried out by a licensed, independent auditor who can award accreditation on the spot.
All ProSec2 accredited businesses may use the accreditation logo freely to promote the fact they have information security best practices in place.
The ProSec2 Package
Stage 1 - Preparation
On-site preparation briefing by ProSec2 consultant
Self-assessment questionnaire to assess risk and gaps in policy
Stage 2 - Implementation
Following completion of the questionnaire, on-site gap analysis by ProSec2 consultant of all documentation and processes. Provision of free policy pack (10 best practice IS policy templates)
Stage 3 - Review
On-site review by ProSec2 consultant of all completed documentation and active policies
Certification checklist provided
Stage 4 - Audit & Certify
On-site audit by independent auditor
Easy to understand
10 best practice IS policy templates included
Enhances client confidence & perception
Can offer competitive advantage and differentiator in contract tenders
Enhances security awareness within your organisation
Contact us to order your ProSec2 package. We will arrange a date for your initial preparation meeting with a ProSec2 consultant.