Cyber Essentials

A guide to the information shared for the Cyber Essentials application 

 1. Organisation

 This “Organisation” section collects basic yet critical information about the entity undergoing the cybersecurity assessment. Questions include the organisation’s name, type, registration number, and address. This information is fundamental as it identifies the entity being assessed, ensures the applicability of relevant security measures, verifies the legitimacy of the business, and provides a context for security protocols specific to the organisation’s location.

2. Scope: The “Scope” section focuses on defining the boundaries of the cybersecurity assessment. The key question here is about the scope of the assessment, which delineates which systems, networks, and processes are included. This is crucial for ensuring that the assessment is comprehensive and covers all critical aspects of the organisation’s digital infrastructure, thereby providing a clear framework for the evaluation of security measures. 

3. Boundary Firewalls and Internet Gateways

 This section examines the presence and configuration of firewalls, which serve as a critical first line of defense against external threats. Questions in this section assess whether there is a firewall between the network and the internet and whether it is securely configured. Ensuring that firewalls are properly set up helps to prevent unauthorized access and protects the network from a wide range of cyber threats.

4. Secure Configuration

 The “Secure Configuration” section is designed to ensure that systems within the organisation are configured securely to minimize vulnerabilities. This includes disabling unnecessary services and regularly reviewing user accounts. By reducing potential attack surfaces and maintaining strict control over user access, the organisation can significantly lower the risk of exploitation by malicious actors.

5. User Access Control

User access control is a critical component of cybersecurity, and this section focuses on managing how access to systems and data is granted. Key questions assess whether user accounts are given the least privilege necessary and if two-factor authentication is employed. These measures limit the potential damage from compromised accounts and add an additional layer of security, enhancing overall access control.

 6. Malware Protection

 In the “Malware Protection” section, the focus is on the measures taken to protect against malicious software. Questions here evaluate whether anti-malware software is installed on all devices and if regular scans are performed. This continuous protection and detection are essential for defending against malware, which can cause significant harm to an organisation’s data and operations.

7. Patch Management

The “Patch Management” section addresses the process of applying updates to software to fix vulnerabilities. This includes ensuring that patches are applied timely and utilizing automated patch management systems. Keeping software up-to-date is vital for preventing exploits that could be used to compromise systems, making patch management a cornerstone of effective cybersecurity practices.

Importance for Businesses

Effective risk management is achieved by identifying and addressing vulnerabilities, thereby safeguarding business operations. A robust cybersecurity posture enhances the organisation’s reputation, fostering trust with clients, partners, and stakeholders. By preventing cyber incidents, these measures ensure the smooth and uninterrupted functioning of business activities, which is essential for maintaining operational continuity. 

For all areas covered in the report, Lupasafe’s main dashboard prioritises any risks and vulnerabilities for users to take action and remediate issues. Once any vulnerabilities are resolved, the report can be submitted for certification by IASME.

Penetration (pen) testing

Lupasafe can support pent testing with coverage of the full network, device, endpoint, and cloud view of cyber risks. In addition Lupasafe’s pen test partners can drill down into your business to identify and help you harden security.

Pen testing typically looks at a limited scope of technology within a business, for a given time frame. Lupasafe’s platform covers all the technology, aswell as personnel training and awareness, for the whole business.