Know why, what and how things should be done and how to close the gaps.
What Is Cyber Essentials?
Cyber Essentials is a UK Government-backed scheme designed to help businesses from startups to large enterprises demonstrate a commitment to protecting themselves against a whole range of the most common cyber-attacks including inappropriate access to personal information and other Cyber risks which may be the responsibility of the Board of Directors through regulations such as GDPR.
Tiberium has a long and successful history of supporting businesses of all sizes. Tiberium is certification body authorised to provide the assessment services for both Cyber Essentials and Cyber Essentials PLUS accreditation.
The UK Government recognises the challenge from the current cyber threat and has the ambition to tackle it head on.
Cyber Essentials is very much part of the National Cyber Security Strategy and through gaining the certification, Tiberium is making an important and valuable contribution towards the Government’s aim of making the UK the safest place to do business online.
Cyber Essentials and Cyber Essentials Plus
Cyber Essentials certification has two levels: An organisation can either be certified to ‘Cyber Essentials’ or ‘Cyber Essentials PLUS’.
Cyber Essentials is self-assessed, with the assistance of Tiberium if required. It is designed to ensure protection against a wide variety of the most common cyber attacks. Most cyber attacks are simple in nature and opportunistic. Cyber Essentials gives your business peace of mind against these common threats.
Cyber Essential PLUS
‘Cyber Essentials’ certification is not a pre-requisite for ‘Cyber Essential PLUS’, although the requirements of the ‘Cyber Essentials’ certification are all included in Cyber Essentials PLUS.
Businesses choosing to gain Cyber Essentials PLUS require a technical assessment of the environment including workstation and mobile device build, internal and external host vulnerability scanning which be provided as part of the Tiberium service.
Tiberium will assist you in selecting, obtaining and maintaining the appropriate level of certification for your business now and as you grow.
Tiberium Attack services comprise multiple services which suit different businesses at different stages in overall security maturity, project status and of course, the threat and risk levels specific to the business, the sector, or more generally.
It is essential to select the correct service for your organisation to maximise and measure the effectiveness of your Security budget investment.
The services are split into the following categories, although there is some overlap. Tiberium will recommend a programme best suited to the task if required.
Traditional Penetration testing
This is a full test of your security posture from an external, internal or combined perspective. Carried out by Tiberium’s assurance team, this process will result in reliable prioritised recommendations for remediating any issues.
If Penetration testing is akin to an assault by an army, Red Teaming is akin to a ‘Special Forces Hacking’ affair using preparation, reconnaissance and stealth, aligned to real threat actors tactics and techniques.
A Blue Team tries to detect a Red Team attack and either stop it in its tracks or defend the target. The tools and techniques available to the Blue Team will be those currently in place at your organisation, or we can rapidly deploy a detection solution.
This is where Red and Blue teams work together rather than as adversaries to identify issues in detection rules quickly, including applications, infrastructure, people and processes. If you have an in-house team, Tiberium can augment it to add knowledge and experience. In terms of training your people, purple teaming is very valuable.
Third party penetration tests should be performed by qualified and experienced staff only and are recommended to take place at least once a year by the UK Government
Tiberium will always communicate throughout the process and will explain the results, giving actionable intelligence to help you understand vulnerabilities and priorotise the solutions required to make your business more secure
Schedule a discussion
Contact us today to learn how we can help protect your business