Cyber Essentials Brochure Final

Transcription

CYBER ESSENTIALS
AN OVERVIEW GUIDE

PROVE YOUR COMMITMENT TO THE BEST CYBER SECURITY PRACTICE & ENHANCE YOUR CUSTOMER'S TRUST

WWW.SALUSCYBER.COM

ABOUT SALUS CYBER

Founded in 2017, Salus Cyber is a certified provider of world-class cyber security services. Based in Cheltenham, the cyber hub of the UK, we are a Cyber Essentials and Cyber Essentials Plus certified organisation.

We can help you through the Cyber Essentials and Cyber Essentials Plus processes by offering best industry advice and guidance in order to help you achieve certification.

- Founded by a NATO Project Manager turned penetration tester with 10 years in the industry.
- Salus Cyber brings a wealth of experience from web applications, military and defence targets, RFID, weapons and access control systems.
- We apply defence grade cyber security skills whilst taking into consideration the realities of day-to-day business operations.
- We help our customers address known and their unknown cyber risks.

OUR VALUES

We are dedicated to our customers and to growing talent in cyber security.

- Exceed expectations
- Invest in our people
- Scrutinise to immunise
- Continuous learning
- Integrity
- Partnering with customers

Salus' experienced team of cyber security experts:

- Our Senior Consultants have extensive commercial acumen combined with technical skills, so you can have an experienced and trustworthy cyber security partner to lean on.
- We have an exceptional reputation for remediation and assistance when following up penetration testing or vulnerability assessments.
- Extensive knowledge working with Government organisations, MOD and commercial enterprise on their cyber security needs.
- Industry experience: Critical National Infrastructure, Mining, Finance, Energy, Technology, Education & Defence.

WHAT IS CYBER ESSENTIALS?

Cyber Essentials is a UK Government-backed scheme supported by the National Cyber Security Centre (NCSC). It aims to ensure organisations adhere to an industry-wide level of core cyber security principles.

The scheme helps safeguard businesses from everyday cyber threats and mitigate the risk of an attack.

By obtaining an industry-recognised certificate such as Cyber Essentials, you can prove your business's commitment to best cyber security practice.

ONE SIZE FITS ALL

Whether you're a startup, an SME, a medium or large enterprise, the Cyber Essentials scheme is designed to help protect organisations of any size.

Implementing the scheme's five technical controls, you can protect your business from common threats such as phishing attacks, malware, ransomware, network attacks and malicious links or emails.

Five Steps To Better Resilience

The Cyber Essentials scheme outlines five controls which can be adopted into your business-as-usual processes right away. These controls can instantly boost your defences against a cyber attack.

They include:

- A firewall to protect your internet connectivity
- Secure settings for your software and devices
- Control of who has access to your data and services
- Protection against viruses and other malware
- Ensuring your devices and software are up to date.

WHY CYBER ESSENTIALS?

By becoming Cyber Essentials or Cyber Essentials Plus certified, your organisation can benefit by:

- Instilling confidence in your clients that they're working with a business that takes cyber security seriously.
- Winning new business by showing you have an industry recognised cyber security certification.
- Getting approval for Government and Ministry of Defence (MoD) contracts. Cyber Essentials has been a mandatory requirement since 2014 in order to tender for central Government work and other larger enterprises.

CYBER LIABILITY INSURANCE

Add even more confidence with free automatic cyber insurance upon completion of a self-assessed certification (up to £25,000 limit of indemnity).

Benefits include a 24hr helpline providing crisis management and incident response. The policy liability amount also covers you against extortion demands and ransoms, emergency costs following a breach, loss of electronic data and any other business interruption caused.

NOTE: This is only available to companies with a turnover of under £20m.

WHAT IS THE PROCESS TO CERTIFICATION

Cyber Essentials is a self-assessment questionnaire (SAQ) that asks questions around the 5 technical controls (outlined earlier).

It's a fairly simple process that gets submitted and then verified by an accredited Cyber Essentials assessment organisation. The Cyber Essentials Partner of NCSC - the IASME Consortium, oversees the scheme's governance programme. IASME approves specific partners to deliver Cyber Essentials assessments.

1. Complete your self-assessment questionnaire (SAQ) on the Salus Cyber assessment portal
2. A certified Salus Cyber CE assessor will review the answers
3. A report will be generated and sent back to you
4. If a pass at this stage then you will receive your certificate
5. If a fail, remediate any failed items within 2 days and re-submit response
6. Salus Cyber will review remediated response
7. An updated report will be generated and sent back to you
8. If a pass then receive your certificate, if still a fail, remediate fail sections and re-start the CE certification process

CYBER ESSENTIALS PLUS

Cyber Essentials Plus is a certification which adds an independently audited element to the self-assessed Cyber Essentials certification.

Cyber Essentials Plus is the highest level obtainable in the Government-backed Cyber Essentials scheme. It includes an internal vulnerability scan and an onsite technical audit of your devices, systems and networks.

Before an audit can be carried out, it's compulsory that an organisation holds a 'Cyber Essentials Verified Self-Assessed Certification' issued within the last 3 months. If your organisation is looking to apply for Cyber Essentials Plus straight away, and does not currently hold the initial Cyber Essentials certification, we can include this as an overall delivery package.

1. Salus Cyber conduct CE technical assessment on-site or remotely
   - PASS: CE plus certification awarded
   - FAIL: Remediate items within 30 days (NCSC guidelines)
2. Salus Cyber delivers on-site or remote re-test of failed elements
   - PASS: CE plus certification awarded
   - FAIL: Remediate failed items & restart the CE certification process

WHAT'S INVOLVED IN THE AUDIT

Once the Cyber Essentials 'Self-Assessed Questionnaire' (SAQ) has been completed and verified, you'll receive an onsite or remote audit carried out by a trained assessor.

As part of the audit, the assessor will verify the details of the SAQ and examine whether the 5 key Cyber Essential technical controls are in place and implemented correctly. This is usually done by selecting and testing a random sample of systems and ensuring they are configured correctly.

The key Cyber Essentials Plus tests include:

- Internal and external vulnerability scans
- Internal Patch Audit
- Verification of effective malware protection
- Effectiveness of end user device defenses against malware delivered via email & web.

By undergoing the Cyber Essentials Plus assessment you'll receive a full report with any recommendations for improvement.

Your new status can also be stamped by adding the Cyber Essentials Plus logo to company marketing materials - helping you prove to your customers and supply chain that you have met the baseline security standards against an advanced Government-backed certification.

FIND THE RIGHT CYBER ESSENTIALS & CYBER ESSENTIALS PLUS SERVICE LEVEL

Level 1 - Self Service

Level one is suitable for customers who understand Cyber Essentials and Cyber Essentials Plus requirements and more than likely have individuals with advanced cyber security knowledge.

Cyber Essentials: Level one is suitable for customers who understand Cyber Essentials and Cyber Essentials Plus requirements and more than likely have individuals with advanced cyber security knowledge.

Cyber Essentials Plus: For Cyber Essentials Plus, Salus will coordinate and perform your organisation's relevant audits and tests. If you have passed, certification will be issued. If you have failed, Salus will identify your failures to fix the issues. You will then need to purchase a re-assessment.

Level 2 - Consulting Service

Level two is for clients with minimal knowledge and understanding of the Cyber Essentials and Cyber Essentials Plus requirements. We ensure you receive sufficient external support to help you prepare for both the Cyber Essentials SAQ and Cyber Essentials Plus audit. As part of our consulting service option, you'll receive access to our experienced cyber security consultants. They will give constructive advice as and when you need it. We'll also organise, and project manage you through the entire process.

Cyber Essentials: For the SAQ submission, our consultants will work with you to ensure you know the potential failures and help unpick your responses before submitting them into the actual application. This ensures that your answers are accurate and tailored to the evidence IASME and NCSC are looking for to award certification.

Cyber Essentials Plus: We will work with you to arrange and manage the logistics of the audit, alleviating time and effort from your internal team in scheduling access to devices, identifying potential pain points within the assessment, and pre-audits where appropriate, to ensure controls are implemented correctly. We will then perform your organisation's relevant audits and tests but will assist your technical teams in fixing the failures and then ensure that the re-audit is completed as soon as these activities are resolved.

Note that this is a fixed-time consulting service, so only the number of days purchased can be used. If your organisation requires additional time, these can be bolted on to ensure all activities are resolved before re-assessment.

At Salus Cyber, we provide an independent service, offering tailored Cyber Essentials and Cyber Essentials Plus packages.

All costs will vary depending on the size and complexity of your organisation's network and systems.

Contact us today to learn more about how we can help you.

Email: info@saluscyber.com
or phone: +44 (0)1242 374087

WWW.SALUSCYBER.COM
