Cyber Essentials Myth Busting – Part 2

Author: Stuart McCulloch, Lead Cyber Essentials assessor Continuing on from the previous blog the other myths surrounding CE are: Myth 5 – If I use Remote Desktop Services or VDI environments, then the devices connecting to those services are out of scope  Reality – This is not true. The devices themselves that facilitate the connection to […]

Cyber Essentials Myth Busting – Part 1

Author: Stuart McCulloch, Lead Cyber Essentials assessor Overview The Cyber Essentials (CE) scheme was introduced in 2014 with backing from the National Cyber Security Centre (NCSC). The requirements have changed over the years, with the introduction of new elements. The latest question set is the largest change ever and has created some misunderstandings.  This blog is […]

Security Information and Event Management (SIEM) – where to begin and what security logs should you bring in?

Author: Steph Jones, Senior Cyber Security Specialist/Analyst Team Lead – SIEM, Jisc Security Information and Event Management (SIEM) is one key tool of a wider set of controls that you should employ in seeking to protect and defend your organisation from cyber attack. These controls are sometimes referred to as Defence in Depth. SIEM collects […]

Cyber Essentials – onboarding and managing devices

Author: Stuart McCulloch, Cyber Essentials assessor This blog post focuses on options for implementing technical controls to manage personally owned or bring-your-own devices (BYOD) to meet the requirements of the Government’s Cyber Essentials (CE) scheme. We find that our sector is primarily Microsoft focused and so this blog covers its MDM solutions, but there numerous available. […]