Cyber Essentials Toolkit
BIC: COMPUTER SECURITY, Corporate governance & responsibilities
BISAC: COMPUTERS / Security / General, BUSINESS & ECONOMICS / Corporate Governance
Built on expert knowledge gained from numerous cyber security implementation projects in a range of industries and companies, this toolkit includes all the necessary work procedures and processes for ensuring that the controls you are implementing, according to the requirements of the Scheme, are effective in delivering what they intend to do.
The toolkit includes:
- Gap analysis tool
These processes will help your organisation move to the next level of cyber security and ensure that the required controls are implemented effectively.
The most important aspect of your CES documentation is that it has to be your own. It has to reflect your organisational culture, your processes and your technologies.
The biggest danger in using any set of model documents is that they can deprive your organisation of the opportunity to really understand what it is doing. The result can be that the CES implementation fails, either immediately or in the long term.
This documentation toolkit is designed to reflect all of the requirements of the Cyber Essentials Scheme, but it does not incorporate the actual actions that must be implemented to be certified to the scheme. That is, the documents describe what your organisation should be doing to meet the scheme’s requirements, but you will need to ensure that your organisation follows through.
Ensure that the controls you are implementing are aligned to the requirements of the Cyber Essentials Scheme with this toolkit.
Policies & Procedures
Scope Statement CES DOC 1
Firewall Configuration CES DOC 1.1
Hardware & Systems Configuration CES DOC 2.1
Standard Configuration CES DOC 2.2
Monitoring Policy CES DOC 2.3
Access Control Policy CES DOC 3.1
Access Control Rules & Rights CES DOC 3.2
User Access Management CES DOC 3.3 Username Administration CES DOC 3.3a
Individual User Agreement CES DOC 3.4
Special Access Privileges CES DOC 3.5
Policy Against Malicious Code CES DOC 4.1
Controls Against Malicious Code Procedure CES DOC 4.2
Anti-Virus Software Work Instruction CES DOC 4.3
Software Updates and Patching Policy CES DOC 5.1
System Testing Policy CES DOC 5.2
BYOD User Agreement CES DOC BYOD
Firewall Register CES REC 1.1
Schedule of Log Requirements CES REC 2.3
Replacement Password Request CES REC 3.1
User Deletion Request CES REC 3.2
Special Access Privileges Register CES REC 3.3
Cyber Essentials Gap Analysis Tool
Cyber Essentials Document Dashboard
Roles and Responsibility Matrix
Clause Mapping Tool – Cyber Essentials vs ISO 27001: 2013
Documentation Analysis Tool Documentation & integration with an ISMS: Documentation Mapping CES
Documentation Toolkit & ISO27001: 2013 ISMS Documentation Toolkit