Cyber Essentials is a UK Government backed information security certification scheme, providing a proactive approach to guarding against a common cyber-attacks. This is achieved through five key areas:
- Securing your Internet connection
- Securing your devices and software
- Controlling access to your data and services
- Protection against viruses and other malware
- Keeping your devices and software up to date
The Benefits
The University has defined its own baseline security controls. The benefit of Cyber Essentials is it provides assurance to external stakeholders such as research sponsors, prospective students, donors and regulatory bodies, that the University takes security seriously.
What pathways are available to certification?
Basic, or entry level Cyber Essentials is achieved through a self-assessment approach with light touch independent verification, while Cyber Essentials Plus which provides a more rigorous level of independent verification thus greater assurance to stakeholders. The InfoSecTeam recommend the latter.
How can the Information Security Team Help?
Across the University we’re seeing an increasing expression of interest for this scheme. In addition to improving recommended UK Government security approaches and general I.T. hygiene, the certification is increasingly being requested as part of contractual agreements to facilitate University and external partner collaborations.
The InfoSec Team can assist you in navigating the various certification requirements including:
- Scoping exercise
- Assessment of current environment
- Recommendations to address any identified control gaps
- Assistance with completion/review of the questionnaire
- Acting as a trusted liaison between requestor and assessor.
To learn more about achieving the Cyber Essentials Plus certification, email grc@infosec.ox.ac.uk.
