Implementing cyber essentials
Ged Nicholson, Hartlepool College of FE
What is Cyber Essentials
The Cyber Essentials scheme has been developed by the UK Government and industry to fulfil two functions.
It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security.
And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Five Key Controls
Boundary firewalls & internet gateways
Secure configuration
Access control & administration privilege management
Patch management
Malware protection
Which option
> Self assessment questionnaire verified by certification body
> Verification carried out independently by a certification body
Where to go for help
cyberessentials.ncsc.gov.uk/
Accreditation Bodies
Direct - Portal: CE £300, CE+ ?, 40 Questions
48 Suppliers: CE £300 +, CE+ £1250 +, 34 Questions, Vulnerability Scan Included
20 Companies: CE £250 +, CE+ £500 +, 35 Questions
4 Companies: ?, ?, ?, ?
Direct + 143 Suppliers: CE £300 or £400, CE+ Varies, 62 or 171 Questions, Bundle with IASME governance & GDPR assessments
cyberessentials.ncsc.gov.uk/getting-certified/
Steps to Certification
> Decide CE or CE+
> Select Certification Body through one of the Accreditation Bodies
> Verify that your IT is Secure
> Write business scope
> Fill out Questionnaire
> Option – Arrange Vulnerability scan/Visit
> Buy picture frame and await Certificate
> Renew after one year
Our Experience
> Make sure you have the 5 key controls covered
> Review the questions before you start the process
> Take your time selecting accreditation and certification bodies
> Select which option is best for your needs, CE or CE+
> Getting the Scope correct is vital, especially for CE+
> Be prepared to justify your answers and results
Limitations
Not designed for Education
Scheme not consistent
CE relies on the company's honesty
Is only a snapshot in time
Can be expensive for CE+
Is it worth the Time and Cost?
Good starting point for Cyber Security
Simple, straightforward and cost-effective certification process
Keeps management, auditors and insurers happy
Except where otherwise noted, this work is licensed under CC-BY-NC-ND.
Gerald Nicholson
IT manager
gerald.nicholson@hartlepoolfe.ac.uk
I have been…
Hartlepool College of Further Education, Stockton Street, Hartlepool, TS24 7NT
T 01429 404181
enquires@hartlepoolfe.ac.uk
www.hartlepoolfe.ac.uk
Any questions? /
Thank you
