Cyber Essentials - everything you need to know

Cyber Essentials

Cyber Essentials is a UK Government backed information security certification scheme, providing a proactive approach to guarding against a range of common cyber-attacks.  This is achieved through the strengthening of five key areas:

  • Securing of your Internet connection
  • Securing of your devices and software
  • Controlling access to your data and services
  • Protection against viruses and other malware
  • Keeping your devices and software up to date

 

The Benefits

The University has defined its own baseline security controls, which achieve a good level of security when implemented. The main benefit of Cyber Essentials is that it provides assurance to external stakeholders such as research sponsors, prospective students, donors and regulatory bodies, that the University takes security seriously.

 

What pathways are available to certification?

Basic, or entry level Cyber Essentials is achieved through a self-assessment approach with light touch independent verification, while Cyber Essentials Plus which provides a more rigorous level of independent verification and thus great assurance to stakeholders.  The Information Security Team recommend the latter, which is increasingly being required for both public and private sectors collaborations. 

 

How can the Information Security Team Help?

Across the University we are seeing an increasing expression of interest for this scheme.  In addition to improving recommended UK Government security approaches and general I.T. hygiene, the certification is increasingly being requested as part of contractual agreements to facilitate University and external partner collaborations. 

 

The Information Security Team can assist you in navigating the various certification requirements including:

  • Scoping exercise
  • Assessment of current environment
  • Recommendations to address any identified control gaps
  • Assistance with completion/review of the questionnaire
  • Acting as a trusted liaison between requestor and assessor.

 

Next Steps 

If you would like to learn more about how we may assist you in achieving the Cyber Essentials Plus certification please contact the Information Security Team on grc@infosec.ox.ac.uk  

cyber essentials