Startup Observer.com
What security certification is right for your business?

by jcp October 26, 2021

With ransomware attacks and data breaches on the rise, customers are understandably anxious to ensure that vendors and service providers are handling their data properly. Getting a cybersecurity certification for your business is a good way to stand out from the pack and show potential customers and business partners that you’ve done your security homework. But which should you get?

Cybersecurity experts, Probrand, have put together the following advice for businesses:

Cyber Essentials

Perhaps the most relevant cybersecurity certification for small businesses in the UK is the government’s own Cyber Essentials scheme. Operated by the UK National Cyber Security Centre (NCSC), it’s a certification in good practice for cybersecurity.

Cyber Essentials offers two levels of certification. The first, Cyber Essentials, is a self-assessment option that demonstrates you’re competent in five areas of technical controls: firewalls, secure configuration, user access control, malware protection, and security update management.

In this option, companies fill out an online questionnaire, and then a board member signs a declaration to confirm that all the information given is true. An assessor then checks over the answers and makes a decision.

This online questionnaire is also a requirement for the second, higher level of certification, known as Cyber Essentials Plus. Within three months of taking the questionnaire, you can apply for a hands-on technical audit from an accredited auditor working with the NCSC.

Other accreditations

Cyber Essentials is a good all-round basic cybersecurity hygiene certification, but other certifications take a more general view of cybersecurity controls. ISO 27001 focuses more on information management. It looks at areas ranging from risk assessment and security policy through to asset management, physical security, and human resources security. It also examines issues such as access control and incident management. As a broader information security certification with many more moving parts, it is likely to take significantly more time and work, both to prepare and to get assessed.

Some cybersecurity and information security accreditations are industry requirements rather than voluntary projects. One example is the Payment Card Industry Data Security Standard (PCI-DSS) created by the Payment Card Industry Standards Council, an independent body organized by payment card companies.

PCI-DSS carries different levels of accreditation based on which type of merchant you are. That in turn is determined by criteria such as how many credit card transactions you process and how you take payments. This accreditation requires a mixture of regular automated vulnerability scans and possibly an on-site audit depending on your company’s characteristics.

Why get certified?

When a set of industry partners demands certification, you don’t have a choice. When it’s a voluntary system, you’ll weigh the time and cost of certification against three main factors:

  • Reputation: Sporting a certification can go a long way towards building trust in your company before you even begin building a relationship with a customer. It can be a valuable marketing asset when building your industry brand.
  • Compliance: A certification might be a requirement for some customers, especially those in heavily regulated industries. Doing all this groundwork now can avoid costly headaches later when a customer lists certification as a requirement on its RFP or sales contract.
  • Peace of mind: Going through the certification process is also an excellent way to refine and improve your own cybersecurity and information management controls. Even if you are never asked to produce the certification, it will make you more confident that you’re offering a mature, safe service to your customers.