Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreak

Cyber Essentials levels

The two levels of Cyber Essentials should really be called Cyber Essentials Very Basic and Cyber Essentials Basic, as neither ensures continuing resilience against cyber attack. The best on offer is an "MOT test" of following some specific rules, and at the "higher" level also passing a pen test on a given occasion.

When Cyber Essentials was in its infancy I recommended verification of the maturity (on the lines of CMM) with which the specified controls are managed. I got no traction, despite most cyber breaches primarily succeeding due to lax management rather than not having controls notionally in place (witness Equifax).

It's also worth noting that despite all the publicity about the insecurity of Zoom, both government agencies and others to my knowledge conferencing at Secret and Top Secret levels are still using it.

So much for cyber security.

