Red Flag Alert launches Cyber Red recognising the explosion in demand for Cyber security. RFA has extended its expertise in data security and general risk management by adding a new service to provide businesses with the Government’s cyber security standard, ‘Cyber Essentials’.
Following a summer of high profile data breaches and fines for those concerned and worse in some cases, the awareness and interest in data and indeed Cyber security is perhaps at an all-time high.
The government is trying to encourage all businesses and organisations to take this subject seriously. As from this year for example, any business that deals with Government in anyway must have attained the 'Cyber Essentials' designation at the very least. The 'Cyber Essentials' scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s '10 Steps to Cyber Security' and through the 'Assurance Framework' it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
'Cyber Essentials' offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. 'Cyber Essentials' defines a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes.
The Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs to be light-touch and achievable at low cost. The two options give organisations a choice over the level of assurance they wish to gain and the cost of doing so. It is important to recognise that certification only provides a snapshot of the cyber security practices of the organisation at the time of assessment, while maintaining a robust cyber security stance requires additional measures such as a sound risk management approach, as well as on-going updates to the Cyber Essentials control themes, such as patching. But we believe this scheme offers the right balance between providing additional assurance of an organisation’s commitment to implementing cyber security to third parties, while retaining a simple and low cost mechanism for doing so.
CyberRed has been designed to simplify attaining the Cyber Essentials standard and to enable this to be done via our on-line portal. Much of the standard is achieved via a detailed interactive response questionnaire but the answers and solutions are then validated in conjunction with our Partner, PGI Security.