CESG, the ‘information security arm’ of GCHQ, has announced the launch of a new scheme which will provide Government and industry customers with expert advice configured to meet their cyber security needs.
The Certified Cyber Security Consultancy Scheme is a new approach designed to help Government, the wider public sector and industry obtain the right cyber security consultancy services and, by doing so, help them to protect their information and conduct business online in a safe and secure manner.
This new scheme will provide a wide range of consultancy services delivered by commercial companies and assessed by CESG to meet the demand for high quality, tailored, expert advice in the field of cyber security.
Against a backdrop of increasingly complex and sophisticated cyber threats, and the Government’s need for secure IT solutions as it puts more and more services online, demand for trusted cyber security advice is set to grow. The new approach will help to meet that demand by fostering partnerships with commercial companies of all sizes, offering Government and industry access to a wide choice of trusted suppliers.
Using its deep technical expertise as the National Technical Authority for Information Assurance, CESG has set the standard for cyber security consultancy against which industry suppliers of cyber security advice will be evaluated.
Ciaran Martin, GCHQ’s director general for cyber security, commented: “The launch of this scheme is a big step forward for cyber security in the UK. There’s only so much an organisation like GCHQ can and should do directly. This new scheme will significantly enhance the pool of trusted cyber security advice available from private providers.”
To achieve certification, companies must demonstrate a proven track record of working with customers and show that they maintain an awareness of the cyber threat environment, giving Government and other customers confidence in the advice they receive.
Customers will be able to select the most suitable cyber security consultancy from a list on the CESG web site.
Certified Cyber Security Consultancy Scheme: the fine detail
Companies are assessed and certified by CESG and must meet CESG’s standards in order to achieve certification. The assessment tests that the company is of good standing, has practical experience and knowledge of the customer set and understands and maintains awareness of the cyber threat environment.
Prospective customers for Certified Cyber Security Consultancy will need to consider which services they need. Cyber security is a broad and complex discipline so customers may also wish to seek the advice of an independent advisor to act as a ‘client friend’ in order to help them define the services they need.
The services and advice customers can expect from a Certified Cyber Security Consultancy include:
* Policy and Standards
* Information Security Strategy
* Legal and Regulatory Environment
* Information Assurance Methodologies
* Audit and Review
Crown Commercial Services will provide a framework contract through which customers can procure the services of certified companies, making procurement both quicker and easier. CESG expects that customers of the new service should not see an increase in the cost of their consultancy under this initiative.
CESG encourages customers to provide feedback on their experiences of Certified Cyber Security Consultancy and the service they have received through this initiative at any time or during the regular reviews of company performance CESG intends to introduce.
CESG is the UK Government’s National Technical Authority for Information Assurance and protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia.
*Further information can be found online at: http://www.cesg.gov.uk/Pages/homepage.aspx