What is the IASME Cyber Security Essentials Scheme?

Some screenshots from the publicly available Cyber Security Essentials literature.

Really, this can all be summed up by looking at the diagrams here.

Cyber Security Essentials is really about protecting the "low hanging fruit": the basic controls that stop commodity, untargeted attacks. On its own it is not good enough for an organisation that is trying to properly secure its network.

Cyber Security Essentials does NOT look at DoS attacks, MitM attacks or insider threats, which are probably the leading dangers to your organisation.

These are reasonable things to address.

Cyber Security Essentials is not designed for bespoke systems, just for "off the shelf" products.

PCI DSS says to lock the account out for 30 minutes after 6 failed attempts; CSE (the Communications Security Establishment, a Canadian government agency) says 10 failed attempts.

PCI DSS says a minimum of 7 characters; CSE says 8.

Users are "expected to pick sensible passwords"? Really, do you trust them to do that?

I never really thought this was good advice, and it contradicts PCI DSS. I would prefer to see complexity rules enforced and not enforce frequency changes.
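To make the lockout figures above concrete, here is a minimal account-lockout tracker, added here as an example and not taken from the Cyber Security Essentials literature or from either standard. It can be configured to the PCI DSS profile (6 attempts, 30 minutes) or the CSE threshold (10 attempts); the class name, method names and the usage at the bottom are my own. The one behaviour worth noticing is that a locked account rejects even the correct password until the lockout expires, otherwise the lockout does nothing to slow a guessing attack.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Added example (not from the original post): account lockout after N failures.


@dataclass
class LockoutPolicy:
    max_failures: int              # e.g. 6 (PCI DSS) or 10 (CSE)
    lockout: timedelta             # e.g. 30 minutes (PCI DSS)
    failures: dict = field(default_factory=dict)      # user -> failed count
    locked_until: dict = field(default_factory=dict)  # user -> expiry time

    def is_locked(self, user: str, now: datetime) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # Lockout has expired: clear state so the user starts a fresh counter.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Record one login attempt and return 'locked', 'ok' or 'fail'."""
        if self.is_locked(user, now):
            # Reject without evaluating the password and without touching the
            # counter, so a locked account cannot be probed during the lockout.
            return "locked"
        if password_ok:
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            return "locked"
        return "fail"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, 0)   # constructed timestamp
    pci = LockoutPolicy(max_failures=6, lockout=timedelta(minutes=30))
    for _ in range(6):
        print(pci.attempt("alice", False, t0))
    print(pci.attempt("alice", True, t0 + timedelta(minutes=29)))  # still locked
    print(pci.attempt("alice", True, t0 + timedelta(minutes=30)))  # ok
```

The same class with `max_failures=10` gives the CSE threshold; which value you pick matters less than making sure the lockout is actually enforced on every authentication path, including remote and service logins.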

Daily anti-malware updates.

Whitelisting over blacklisting for software. A whitelist is always better.

Whitelist = deny all unless expressly allowed.

Blacklist = allow everything unless expressly denied = more management, because every new or modified piece of malware needs its own entry.
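The following is an added example, not code from the original post or from any vendor product, showing why the whitelist is the better default. Both policies are evaluated over constructed byte strings standing in for executables; the "malware" variant differs from the known sample by a single appended byte. The class names, sample names and `evaluate` helper are my own.

```python
import hashlib

# Added example (not from the original post): hash-based execution control
# under a whitelist (default deny) and a blacklist (default allow).


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Whitelist:
    """Deny everything unless its hash is expressly allowed."""

    def __init__(self, approved: set[str]):
        self.approved = approved

    def permits(self, data: bytes) -> bool:
        return sha256(data) in self.approved


class Blacklist:
    """Allow everything unless its hash is expressly denied."""

    def __init__(self, banned: set[str]):
        self.banned = banned

    def permits(self, data: bytes) -> bool:
        return sha256(data) not in self.banned


# Constructed sample "executables" (byte strings, not real binaries).
OFFICE = b"MZ constructed approved business application"
MALWARE = b"MZ constructed known malware sample"
VARIANT = MALWARE + b"\x00"  # same malware, one byte appended: hash changes
NEW_TOOL = b"MZ constructed unknown tool a user downloaded today"

SAMPLES = {
    "office": OFFICE,
    "malware": MALWARE,
    "variant": VARIANT,
    "new_tool": NEW_TOOL,
}

# The whitelist only has to know about software the business approved;
# the blacklist has to know about every malware hash seen so far.
whitelist = Whitelist({sha256(OFFICE)})
blacklist = Blacklist({sha256(MALWARE)})


def evaluate(policy, samples: dict) -> dict:
    """Map each sample name to whether the policy would let it run."""
    return {name: policy.permits(data) for name, data in samples.items()}


if __name__ == "__main__":
    print("whitelist:", evaluate(whitelist, SAMPLES))
    print("blacklist:", evaluate(blacklist, SAMPLES))
```

The blacklist lets both the one-byte variant and the unknown download run, and each new variant means another entry to push out; the whitelist blocks everything it has not been told about and only needs updating when the business approves new software. Pure hash rules do break on every legitimate update, which is why production whitelisting tools usually also allow by signing publisher or trusted install path.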

Publisher: OIC Solutions
