Reply to post: Cyber Essential levels

Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreak

Mike 137 Silver badge

Cyber Essential levels

The two levels of Cyber Essentials should really be called Cyber Essentials Very Basic and Cyber Essentials Basic, as neither ensures continuing resilience against cyber attack. The best on offer is an "MOT test" of following some specific rules, and at the "higher" level also passing a pen test on a given occasion.

When Cyber Essentials was in its infancy I recommended verification of the maturity (on the lines of CMM) with which the specified controls are managed. I got no traction, despite most cyber breaches primarily succeeding due to lax management rather than not having controls notionally in place (witness Equifax).

It's also worth noting that despite all the publicity about the insecurity of Zoom, both government agencies and others to my knowledge conferencing at Secret and Top Secret levels are still using it.

So much for cyber security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon