CRIBB IASME Gold Audit Success
We are delighted to announce that recently, CRIBB Cyber Security sailed through its 3-year Gold IASME Governance (with Cyber Essentials & GDPR) audit, thus ensuring the highest levels of compliance with this most renowned of organisations. Today, we take a closer look at the IASME Consortium and ponder exactly what this latest achievement means for us and for our many clients…
Who are CRIBB Cyber Security?
As part of theICEway ecosystem of companies, the experts here at CRIBB have helped clients in Healthcare, Cruise and Travel with their cyber security needs. Adopting a security by design approach wherever possible, our goal is to ensure that you have all the required frameworks in place in order to attain the necessary compliance in this technologically advanced world. Digital transformation in cruise in particular has enabled our cyber security professionals to hone their skills, fusing them together with a constantly evolving understanding of what it takes to be truly cyber resilient.
Cyber-attacks have been growing in both number and type and it is our job to assist our clients in the detection and prevention of these, with the following seen to be perhaps the most common (listed alphabetically here):
When sensitive data is exposed, cyber-criminals have the ability to gain access without a great deal of effort. This exposure can be physical, for example through leaked documents, or it can happen on the internet or via devices or other computer hardware.
The process whereby hackers target passwords and codes to access computer systems, in an effort to gain access to sensitive data.
A malicious threat to the inside information held by a company from people within, such as employees or former employees, business associates or contractors.
A social engineering attack that is often used to obtain data such as login credentials or credit card numbers. When an attacker adopts a phishing technique, they generally pretend to be a trusted figure in order to trick victims into opening emails or messages.
A form of malware in which malicious software is used to infect a computer or system, with messages displayed demanding a fee be paid so that the system will work again. A criminal moneymaking scheme, ransomware can be installed via links on websites, in emails or in messages.
See our ‘Top Tips’ below for some pointers on how to avoid falling victim to such attacks!
Who are IASME?
Much like CRIBB, IASME is a cyber security organisation that is dedicated towards ensuring the safety of individuals and businesses against all forms of cyber-attack.
Founded on the principle that a basic level of cyber security was essential in all supply chains, IASME began with the creation of the IASME Governance standard as an alternative to ISO27001 for small companies. This was born out of a UK Government funded project, and when the Government ran a ‘call for evidence’ to unveil the best governance standard for all companies in 2013, the IASME Governance standard was considered the best standard for small organisations out of the 26 that were in the running.
As a result of this, IASME was then invited to help write Cyber Essentials and became one of two pilot Accreditation Bodies to develop it further. After more than 5 years and following a commercial tender process, the NCSC selected IASME to become their sole partner as of April 2020, taking full responsibility for the delivery of Cyber Essentials.
What is the 3-year Gold IASME Governance (with Cyber Essentials & GDPR) audit?
Simply put, this is IASME’s highest level of certification and provides assurance that your level of cyber security has been audited by a highly skilled, independent third-party.
The audit typically involves interviews with staff and a review of all documents and system configuration, with the auditor often visiting your office to make sure that a robust level of security is present across the entire business.
ISO27001 – An information security standard
Cyber Essentials – A UK government scheme with five basic security controls in place that are designed to protect companies against ~80% of common cyber-attacks:
1. Use a firewall
2. Use secure settings for software & devices
3. Control access levels
4. Protect yourself against viruses
5. Keep software & devices up to date
NCSC – The National Cyber Security Council
As we have seen, there are many forms of cyber-attack, and by following some very simple rules you can markedly improve your defences:
- Beware of phishing (do not open unknown emails or links)
- Implement a robust password policy across the entire organisation
- Implement firewall protection in all offices and at home (remote working)