Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

UK Cyber Essentials Scheme Launched

October 20, 2017

  • Blog
  • Archive

Last week the UK Government launched the Cyber Essentials Scheme (CES) allowing businesses to demonstrate best practice in defending against common cyber threats.

The scheme, launched 5th June 2014, is a key objective in the government's £860 million National Cyber Security Programme. The main objective is to ensure the UK is a safer place to conduct business online. Until now, there hasn’t been a single recognizable award in cyber security assurance suitable for all businesses. Developed in close consultation with industry and insurers, many incentives are being offered to businesses who join the scheme.

"Britain is already a world leader in cyber security. Developing this new scheme will give consumers further confidence that business and government have defenses in place to protect against the most common cyber threats." - David Willetts, Science Minister

What are the requirements?

The scheme defines 5 key controls to defend against the most common cyber threats:

  • Boundary firewalls - Information, applications and computers should be protected against unauthorized access and disclosure from the internet.
  • Secure configuration – Devices should be configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfill their role.
  • User access control – Admin privileges should be assigned only to authorized individuals, managed effectively and provide the minimum level of access to applications, computers and networks.
  • Malware protection - Computers that are exposed to the internet should be protected against malware infection through the use of malware protection software.
  • Patch management - Software should be kept up-to-date and have the latest security patches installed.

Full details of the requirements can be viewed here so that organizations can self-assess before applying for formal certification.

What is the benefit?

The UK Government claims the scheme will boost a business's reputation and competitive advantage by showing that they take cyber security seriously. As of October 2014, bidding for certain high risk government contracts will require a Cyber Essentials Award.

Recent large US data breaches have demonstrated the cost to business of integrating 3rd party IT systems with poor cyber security controls. Many organizations already require contractors and partners to prove a certain level of cyber hygiene in order to continue doing business.

The CES is all about businesses raising the bar when it comes to cyber security and provides a good baseline for cyber security. The scheme itself follows the defense in depth model to ensure that if an attacker breaches one layer of security, there is another layer to contain the threat.

When implementing these controls it is important to prioritize those that can provide the biggest impact. The Council on Cyber Security names privilege management and application allow listing (user access control) combined with patch management as the most effective 'quick wins' against real world attacks.

Want to know more about defense in depth and cybersecurity solutions? Check out our resources and challenges sections.

James Maude

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.