
What To Expect With Our Cyber Essentials Plus Assessment
The IASME Cyber Essentials Plus certification is a comprehensive assessment designed to help organisations prevent cyber threats by following a set of fundamental cybersecurity practices. It is built upon the basic principles of Cyber Essentials but includes a more extensive evaluation through independent testing. Achieving this certification not only showcases your commitment to cybersecurity but also helps to build trust with customers and partners.
A Cyber Essentials Plus assessment constitutes a comprehensive technical evaluation of an organisation’s information systems, designed to ensure robust cybersecurity measures are in place. The assessment encompasses several critical components:
Device Scans: The auditor uses Nessus Professional scanning software to evaluate devices across the organisation for potential vulnerabilities. This scanning process identifies weaknesses, such as missing patches and insecure configurations, that could be exploited by malicious actors.
System Testing: A representative sample of the organisation’s systems will undergo thorough testing. This includes key components such as internet gateways, servers, and user devices, ensuring a holistic view of the security landscape.
Vulnerability Scanning: Both internal and external vulnerability scans are conducted to pinpoint security gaps. Internal scans assess the security posture within the network, while external scans evaluate the resilience against threats originating from outside the organisation.
Multi-Factor Authentication (MFA): The auditor will evaluate the implementation of multi-factor authentication across cloud services. This essential layer of security helps protect sensitive data from unauthorised access.
Browser Security Assessment: The auditor examines the default browsers in use to determine their efficacy in blocking malicious activities. This includes analysing the settings and features that help mitigate the risk of phishing attacks and other browser-based threats.
Account Separation: Ensuring a clear distinction between administrative accounts and user accounts is vital. The auditor will verify that these accounts are appropriately separated to prevent privilege escalation and unauthorised access to critical systems.
Antivirus Software Inspection: The auditor will confirm that antivirus solutions are not only installed but are also configured to provide optimum protection. This includes reviewing the settings and policies that govern their operation.
Malware Protection Updates: Lastly, the auditor checks that the antivirus software is up to date, with current engine and signature updates applied. Regular updates are crucial for defending against emerging malware threats.
Following the assessment, organisations are granted a 30-day period to rectify any identified issues before a second assessment is conducted. If an organisation fails this second assessment, it will be necessary to repurchase the assessment to undergo the process again. This cyclical approach to evaluation underscores the importance of maintaining up-to-date security measures within the rapidly evolving landscape of cybersecurity threats.
Our advice for maintaining certification and ensuring security at all times is to use professional scanning tools, such as Nessus, to carry out routine vulnerability scans on all devices. This proactive measure enables your organisation to identify and address security weaknesses before they can be exploited by cybercriminals. Schedule scans at regular intervals and after significant changes to your network. Here at ADAS-LTD we provide a cost-effective scanning plan and offer this as additional support to our customers. Please contact us to discuss the details.