SlideShare a Scribd company logo

An introduction to Cyber Essentials

Download as PPTX, PDF
Jisc, profile picture
Jisc

Cyber Essentials is a UK government-backed scheme designed to improve organizational cybersecurity by implementing five key technical controls, including firewalls, secure configurations, and malware protection. Recent updates in 2023 include new requirements such as multi-factor authentication for all accounts and changes in device regulations. Organizations must conduct yearly assessments, ensure executive management support, and address any identified vulnerabilities promptly to maintain their certification.

Education
Related topics:
Cyber-Security
1 of 14
Downloaded 11 times
1
2
3
Most read
4
Most read
5
6
7
8
9
Most read
10
11
12
13
14
Cyber Essentials Paul Gray Cyber Essentials assessor
Background to Cyber Essentials •UK Government – many breaches due to lack of simple controls implemented •Review of these breaches over 4 years resulted in identification of 5 key technical controls (Office Firewalls and Internet Gateways, Secure Configuration, Security Update Management, Access Control, Malware Protection) •Backed by the NCSC – National Cyber Security Centre – and run by IASME •UK Government is mandating Cyber Essentials in many contracts 2
What is Cyber Essentials? Cyber Essentials Cyber Essentials is a government –backed scheme focusing on the five important technical security controls 3
Benefits of Cyber Essentials 4 • Improve the security posture of your institution (internal and external). • Align your institution with a government-backed UK Standard • Demonstrate security within your supply chain • Ability to work with UK government contracts, partnerships and third parties
Changes in Cyber Essentials 5 • New question set – Montpellier April 2023 • Only light touch changes from IASME • MFA required for all administrator accounts and user accounts (staff and students) • Only make and model of devices required • Anti-malware software no longer needs to be signature based • Sandboxing removed as option
Scoping Cyber Essentials • Whole organisation • All devices that access organisational data • No exclusions • Strongest security implications • https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for- Infrastructure-v3-1-January-2023.pdf • Limited Scope (Sub-set) • Focused areas of the network • Can cover areas needed for funding but not others • Defined by network Boundaries (VLAN/Firewall) • Exclusion statement required 6
Scoping Continued • Education – Admin network only if there’s a network separation • Home Workers (contracted or legally required to work from home for any amount of time) • Use a VPN, software firewall, or apply controls to their home network – good practice • Cloud Services • SAAS – In scope (must ensure service is configured securely, e.g MS365) • PAAS – In scope (where you provide and manage the applications e.g Azure Web Apps • IAAS – In scope (AWS and Azure) – you can apply controls • Mobile Devices – Access business data and are in scope • Should have MDM or anti-virus installed, or otherwise meet requirements • Voice and 2FA only – not in scope • BYOD (if they access business data) – they are in scope 7
Protection against Internet Threats 8 Social Engineering (Phishing) Vulnerabilities (Hacking) Password Guessing
Where does CE sit? 9 CE focuses on prevention! Cyber Security Investment
5 Key Security Controls FAIL – if there is no sign off by Executive management, and also if running out of support operating systems 10 Office Firewalls and Internet Gateways Firewall rules, default password, length of password and review process Secure Configuration Formal process for admin accounts, segregation of duties, tracking privileged accounts, reviewing of accounts, MFA for admins, gold image and default passwords Security Update Management OS and firmware within support, vendor recommendations, 14 days security patch cycle, end of life support, open source supported (if they have an active community) phones and servers Access Control Software management, user accounts, local accounts passwords, admin account use, length of password, lock outs, password policy and least privilege Malware Protection Malware protection on all devices, updates/scans, restricted access to unsigned software (approved) and sandboxing
Cyber Essentials Stages 11
What Next ? 12 • Download the questions and review prior to booking the assessment • https://iasme.co.uk/cyber-essentials/free-download-of-cyber-essentials-self- assessment-questions/ • Come to the Jisc Cyber Essentials drop-in clinics for support and advice • Focused on Education and Research, for CE and CE+ questions • https://www.jisc.ac.uk/training/cyber-essentials-drop-in-clinic • Book Assessment with Jisc • Discuss scope with us, then complete the self-assessment in the online portal • Answer questions – 5 controls plus some organisational info, signed off at an executive level, adding additional justification for answers • Re-Assess - Any remediations must be completed within 2 working days • Certification!
Security is not just for Christmas? 13 • Need to do the assessment on a yearly basis • Ensure you have budget and time to do the preparation work, and any remediation for the re-assessment • Ensure you have Executive management buy-in and support for this process • Can lead into Cyber Essentials Plus
14 Professional.cyberservices@jisc.ac.uk

More Related Content

PPTX
Blockchain Technology
Mithileysh Sathiyanarayanan
 
PPTX
Exploring ChatGPT for Effective Teaching and Learning.pptx
Stan Skrabut, Ed.D.
 
PPTX
An introduction to Cyber Essentials
Jisc
 
PPTX
Block chain technology and its applications
ABHISHEK JAIN
 
PDF
Sangfor's Presentation.pdf
ssusera76ea9
 
PDF
Large Enterprise - Best Practices - Developing a CoE (1).pdf
ZiadAlsukairy
 
PDF
Managed IT Services Pricing Models And Strategies Powerpoint Presentation Slides
SlideTeam
 
PDF
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
Andre Muscat
 
Blockchain Technology
Mithileysh Sathiyanarayanan
 
Exploring ChatGPT for Effective Teaching and Learning.pptx
Stan Skrabut, Ed.D.
 
An introduction to Cyber Essentials
Jisc
 
Block chain technology and its applications
ABHISHEK JAIN
 
Sangfor's Presentation.pdf
ssusera76ea9
 
Large Enterprise - Best Practices - Developing a CoE (1).pdf
ZiadAlsukairy
 
Managed IT Services Pricing Models And Strategies Powerpoint Presentation Slides
SlideTeam
 
GENERATIVE AI, THE FUTURE OF PRODUCTIVITY
Andre Muscat
 

What's hot (20)

PDF
Başarılı Bir Siber Saldırının Perde Arkası ve Vaka Analizi
BGA Cyber Security
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
PDF
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
PPT
2. access control
7wounders
 
PPTX
The Cyber Threat Intelligence Matrix
Frode Hommedal
 
PPTX
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
PPTX
Operating system security
Sarmad Makhdoom
 
PDF
Lessons Learned from the NIST CSF
Digital Bond
 
PPT
Introduction To OWASP
Marco Morana
 
PDF
Threat Hunting
Splunk
 
PDF
Defence in Depth Architectural Decisions
Peter Rawsthorne
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
PDF
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE - ATT&CKcon
 
PDF
1. Security and Risk Management
Sam Bowne
 
PDF
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE - ATT&CKcon
 
PPT
ISACA Belgium CERT view 2011
Marc Vael
 
PPTX
Logging, monitoring and auditing
Piyush Jain
 
PPTX
Cissp- Security and Risk Management
Hamed Moghaddam
 
PPTX
4_Session 1- Universal ZTNA.pptx
aungyekhant1
 
PPTX
MITRE ATT&CK framework
Bhushan Gurav
 
Başarılı Bir Siber Saldırının Perde Arkası ve Vaka Analizi
BGA Cyber Security
 
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
2. access control
7wounders
 
The Cyber Threat Intelligence Matrix
Frode Hommedal
 
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Operating system security
Sarmad Makhdoom
 
Lessons Learned from the NIST CSF
Digital Bond
 
Introduction To OWASP
Marco Morana
 
Threat Hunting
Splunk
 
Defence in Depth Architectural Decisions
Peter Rawsthorne
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
MITRE ATT&CKcon 2.0: Lessons in Purple Team Testing with MITRE ATT&CK; Daniel...
MITRE - ATT&CKcon
 
1. Security and Risk Management
Sam Bowne
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE - ATT&CKcon
 
ISACA Belgium CERT view 2011
Marc Vael
 
Logging, monitoring and auditing
Piyush Jain
 
Cissp- Security and Risk Management
Hamed Moghaddam
 
4_Session 1- Universal ZTNA.pptx
aungyekhant1
 
MITRE ATT&CK framework
Bhushan Gurav
 
Ad

Similar to An introduction to Cyber Essentials (20)

PDF
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
PPTX
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
PPTX
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
PDF
Dealing with Web Application Security, Regulation Style
Rochester Security Summit
 
PPT
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
PPTX
Cybersecurity Framework Luncheon Presentation 1-18-18.pptx
trinirebel1
 
PDF
Using Integrated Security Systems to Accommodate Expansion and Ensure Safety
University of the District of Columbia
 
PPTX
Starting your Career in Information Security
Ahmed Sayed-
 
PDF
Many products-no-security (1)
SecPod Technologies
 
PDF
The Cloud is in the details webinar - Rothke
Ben Rothke
 
PPTX
Institute of Internal Auditors Presentation 2014
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
PDF
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Denim Group
 
PDF
How to Build a Secure IT Infrastructure in 2025.
digitalivalueplus
 
PPTX
Lock it Down: Access Control for IBM i
Precisely
 
PDF
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
Health IT Conference – iHT2
 
PPTX
IBM Messaging Security - Why securing your environment is important : IBM Int...
Leif Davidsen
 
PPTX
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
PPTX
IBM Relay 2015: Securing the Future
IBM
 
PPTX
ISS CAPSTONE TEAM
Jonathan Fuller
 
PPTX
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
Cyber essentials-overview-sep-2021-211019100139
evaleng2
 
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
I am sharing 'unit 4' with youuuuuu.PPTX
padhaipadhai639
 
Dealing with Web Application Security, Regulation Style
Rochester Security Summit
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 
Cybersecurity Framework Luncheon Presentation 1-18-18.pptx
trinirebel1
 
Using Integrated Security Systems to Accommodate Expansion and Ensure Safety
University of the District of Columbia
 
Starting your Career in Information Security
Ahmed Sayed-
 
Many products-no-security (1)
SecPod Technologies
 
The Cloud is in the details webinar - Rothke
Ben Rothke
 
Institute of Internal Auditors Presentation 2014
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Denim Group
 
How to Build a Secure IT Infrastructure in 2025.
digitalivalueplus
 
Lock it Down: Access Control for IBM i
Precisely
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
Health IT Conference – iHT2
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
Leif Davidsen
 
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
IBM Relay 2015: Securing the Future
IBM
 
ISS CAPSTONE TEAM
Jonathan Fuller
 
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
Ad

More from Jisc (20)

PPTX
Strengthening open access through collaboration: building connections with OP...
Jisc
 
PPTX
Andrew-Brown-JUSP-showcase-20240730.pptx
Jisc
 
PPTX
JUSP Showcase - Rebuilding Data presentation
Jisc
 
PPTX
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
PPTX
FE Accessibility training matrix partnership - information session
Jisc
 
PPTX
Procuring a research management system: why is it so hard?
Jisc
 
PPTX
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
PPTX
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
PPTX
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
PPTX
The approach at University of Liverpool.pptx
Jisc
 
PPTX
Jisc's value to HE: the University of Sheffield
Jisc
 
PPTX
Towards a code of practice for AI in AT.pptx
Jisc
 
PPTX
Jamworks pilot and AI at Jisc (20/03/2024)
Jisc
 
PPTX
Wellbeing inclusion and digital dystopias.pptx
Jisc
 
PPTX
Accessible Digital Futures project (20/03/2024)
Jisc
 
PPTX
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
 
PPTX
International students’ digital experience: understanding and mitigating the ...
Jisc
 
PPTX
Digital Storytelling Community Launch!.pptx
Jisc
 
PPTX
Open Access book publishing understanding your options (1).pptx
Jisc
 
PPTX
Scottish Universities Press supporting authors with requirements for open acc...
Jisc
 
Strengthening open access through collaboration: building connections with OP...
Jisc
 
Andrew-Brown-JUSP-showcase-20240730.pptx
Jisc
 
JUSP Showcase - Rebuilding Data presentation
Jisc
 
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
FE Accessibility training matrix partnership - information session
Jisc
 
Procuring a research management system: why is it so hard?
Jisc
 
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
The approach at University of Liverpool.pptx
Jisc
 
Jisc's value to HE: the University of Sheffield
Jisc
 
Towards a code of practice for AI in AT.pptx
Jisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Jisc
 
Accessible Digital Futures project (20/03/2024)
Jisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
 
International students’ digital experience: understanding and mitigating the ...
Jisc
 
Digital Storytelling Community Launch!.pptx
Jisc
 
Open Access book publishing understanding your options (1).pptx
Jisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Jisc
 

Recently uploaded (20)

PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Institutional Correction lecture only . . .
limvtheghins
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
RMMM.pdf make it easy to upload and study
sajedul2
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 

An introduction to Cyber Essentials

  • 2. Background to Cyber Essentials •UK Government – many breaches due to lack of simple controls implemented •Review of these breaches over 4 years resulted in identification of 5 key technical controls (Office Firewalls and Internet Gateways, Secure Configuration, Security Update Management, Access Control, Malware Protection) •Backed by the NCSC – National Cyber Security Centre – and run by IASME •UK Government is mandating Cyber Essentials in many contracts 2
  • 3. What is Cyber Essentials? Cyber Essentials Cyber Essentials is a government –backed scheme focusing on the five important technical security controls 3
  • 4. Benefits of Cyber Essentials 4 • Improve the security posture of your institution (internal and external). • Align your institution with a government-backed UK Standard • Demonstrate security within your supply chain • Ability to work with UK government contracts, partnerships and third parties
  • 5. Changes in Cyber Essentials 5 • New question set – Montpellier April 2023 • Only light touch changes from IASME • MFA required for all administrator accounts and user accounts (staff and students) • Only make and model of devices required • Anti-malware software no longer needs to be signature based • Sandboxing removed as option
  • 6. Scoping Cyber Essentials • Whole organisation • All devices that access organisational data • No exclusions • Strongest security implications • https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for- Infrastructure-v3-1-January-2023.pdf • Limited Scope (Sub-set) • Focused areas of the network • Can cover areas needed for funding but not others • Defined by network Boundaries (VLAN/Firewall) • Exclusion statement required 6
  • 7. Scoping Continued • Education – Admin network only if there’s a network separation • Home Workers (contracted or legally required to work from home for any amount of time) • Use a VPN, software firewall, or apply controls to their home network – good practice • Cloud Services • SAAS – In scope (must ensure service is configured securely, e.g MS365) • PAAS – In scope (where you provide and manage the applications e.g Azure Web Apps • IAAS – In scope (AWS and Azure) – you can apply controls • Mobile Devices – Access business data and are in scope • Should have MDM or anti-virus installed, or otherwise meet requirements • Voice and 2FA only – not in scope • BYOD (if they access business data) – they are in scope 7
  • 8. Protection against Internet Threats 8 Social Engineering (Phishing) Vulnerabilities (Hacking) Password Guessing
  • 9. Where does CE sit? 9 CE focuses on prevention! Cyber Security Investment
  • 10. 5 Key Security Controls FAIL – if there is no sign off by Executive management, and also if running out of support operating systems 10 Office Firewalls and Internet Gateways Firewall rules, default password, length of password and review process Secure Configuration Formal process for admin accounts, segregation of duties, tracking privileged accounts, reviewing of accounts, MFA for admins, gold image and default passwords Security Update Management OS and firmware within support, vendor recommendations, 14 days security patch cycle, end of life support, open source supported (if they have an active community) phones and servers Access Control Software management, user accounts, local accounts passwords, admin account use, length of password, lock outs, password policy and least privilege Malware Protection Malware protection on all devices, updates/scans, restricted access to unsigned software (approved) and sandboxing
  • 12. What Next ? 12 • Download the questions and review prior to booking the assessment • https://iasme.co.uk/cyber-essentials/free-download-of-cyber-essentials-self- assessment-questions/ • Come to the Jisc Cyber Essentials drop-in clinics for support and advice • Focused on Education and Research, for CE and CE+ questions • https://www.jisc.ac.uk/training/cyber-essentials-drop-in-clinic • Book Assessment with Jisc • Discuss scope with us, then complete the self-assessment in the online portal • Answer questions – 5 controls plus some organisational info, signed off at an executive level, adding additional justification for answers • Re-Assess - Any remediations must be completed within 2 working days • Certification!
  • 13. Security is not just for Christmas? 13 • Need to do the assessment on a yearly basis • Ensure you have budget and time to do the preparation work, and any remediation for the re-assessment • Ensure you have Executive management buy-in and support for this process • Can lead into Cyber Essentials Plus

Editor's Notes