Friday, 18 July 2014

Cyber Security at the NATO 2014 Summit

Titania delegate, Andy Williams attended the NATO Briefing to the Industry yesterday at the Farnborough International Airshow.


Source: bbc.co.uk
FIA 2014 is a great opportunity for a day out with the family. The acrobatic demonstrations from renowned aircrafts such as the Breitling Wing Walkers, Aerostars and the RAF Red Arrows, made for a memorable spectacle.

Source: gov.uk
However, Farnborough is not only hosting a public airshow for aviation enthusiasts, but also one of the most recognised trade exhibitions for the aerospace and defence industries. In the run up to the NATO Summit taking place in Wales in September 2014, ADS and UKTI Defence and Security Organisation have jointly offered UK industry the opportunity to connect and engage with the Alliance’s two main agencies: NATO Communications and Information Agency (NCIA) and NATO Support Agency (NSPA).

Source: rocketroute.com
The purpose of the briefing was to showcase the NATO market to the UK industry by bringing together the two agencies involved in budget spending and strategic operational activities, together with the UK defence and intelligence industry. The event is consistent with a previous declaration, by President Barack Obama, where he along with NATO’s Secretary General Fogh Rasmussem would identify the host country for the 2014 Summit, which will look at building up NATO’s ability to address cyber threats and “lock in” commitments by members. The “lock in” reference is a reminder of the message that US has sent before to NATO members, that cyber security is a shared responsibility.

Currently the agenda for the Summit revolves around: Afghanistan troop withdrawal; adapting the Alliance’s existence in the 2014 post era to respond to emerging threats - where cyber defence, intelligence cooperation and special op forces are discussed; budgetary concerns.

Previous meetings establishing the agenda have increasingly discussed cyber issues as an emerging challenge which should enter NATO’s defence strategy. So does this mean will see a grounded cyber security strategy at the 2014 Summit, in Wales? According to Chatham House, inside sources have been quoted saying to expect ‘more of the same’ – a focus on exercises, enhanced training, standard and greater work with partners.

The Alliance is confronting serious criticism from within. The first question on cyber issues has been about the defence of the organisation itself before taking over more ambitious projects. In response, the Alliance has hired Finmeccanica and Northrop Grumman to install cyber security equipment and Incident Response Capability programs across NATO headquarters, in 28 countries. In addition, the organisation also set up two Rapid Reaction Teams to protect its networks against cyber attacks.

Another discussion concerns whether the Alliance should leave cyber security policies to the EU. An enhanced long-term dialogue is needed in order to avoid duplicating efforts with the European Union and this seems to be a recognised concern for NATO leaders this September.

Source: nato.int
Finally, the most pressing question of all is who foots the cyber security bill and from that perspective, the members appear to be fairly reluctant to an offensive cyber strategy, which would put further strain on the already undercut budget. But as indicated in this research paper published by the NATO Defence College, Rome, ultimately there is pressure for the Alliance to justify its presence in the post 2014 era. Perhaps the answer lies in different prioritization over what constitutes a threat in 2014, with new budgets reflecting it appropriately. The Farnborough ‘Briefing to the Industry’, involving the relevant bodies of NATO and emphasizing strategic capacity and budget allocation, indicates the Alliance is already taking steps in the right direction. 


Monday, 14 July 2014

H & W Chamber Awards 2014 - Titania Receives Highly Commended for Commitment to Health and Wellbeing

Titania’s team had the pleasure to attend the 2014 Herefordshire and Worcestershire Chamber Business Awards last week. The ceremony was held at the Bank House Hotel, in Bransford to celebrate the best of the business community of Worcestershire and Herefordshire. The company’s representatives to the event were Ian Whiting, CEO, Nicola Whiting, COO and HR Manager, Shelley Gunnell.





The awards represented an excellent opportunity for networking amid the business society of Herefordshire and Worcestershire. Entertainment was provided by young musician Tina V, while radio host, Howard Bentham of BBC Hereford and Worcester, was responsible for announcing the winners.

Titania was shortlisted in three categories: Small Business of the Year, Growth Business of the Year and Commitment to Supporting Health and Wellbeing in the Workplace (for Worcestershire businesses only) sponsored by Worcestershire Works Well. The 2014 edition of the Awards saw a fierce competition among the finalists, with high quality contenders for each category. For this reason, Titania was very proud to take home the title of Highly Commended for Commitment to Supporting Health and Wellbeing in the Workplace. The company’s “ ‘Duvet Day’ scheme, whereby staff can request to take a paid day of leave at short notice, proved understandably popular with employees”, Worcester News acknowledged.

Incidentally, the morning before the Awards, Titania’s HR Manager and COO, were invited to speak at the Worcestershire Works Well breakfast meeting at the Malvern Science Park about the company’s contribution to the health and wellbeing of its employees.

Speaking to the H & W Chamber of Commerce, Shelley Gunnell said: “We are absolutely thrilled to be highly commended in the category for supporting health and wellbeing in the workplace. We’d like to thank Worcestershire Works Well for their continued support and the Titania family for working together to create our health and wellbeing culture, which is central to our success. This is a really exciting time for Titania and the Chamber’s recognition is the best way to reflect it, thank you!”


Congratulations to all the winners and highly-commended. Titania hopes you continue representing excellency in your respective fields of work and wishes you a successful year ahead: Gtech, Kinetic Six, Allvalves Online Ltd, Allteko Ltd, Thomas Vale Construction, Orchard Valley Foods Ltd, SouthcoManufacturing Ltd, Kingspan Insulation, Gemporia, QinetiQ, Apreco Limited and Pulsar ProcessMeasurement Ltd.



Friday, 4 July 2014

Computing Security Awards 2014 - Titania Needs Your Vote

It's that time of the year again. The time when the prestigious Computing Security Awards open for nominations and we need to kindly ask you to vote for us. Thanks to your votes we've been successful in these awards before. Here's a look at how we did previously: 


Computing Security Award for 
Network Security Solution of the Year 
2012

Computing Security Award for 
Enterprise Security Solution of the Year 
2012
Computing Security Award for 
Enterprise Security Solution of the Year 
2013

Computing Security Award
Editor's Choice
2013


This was all due to you and your recognition for what we do, and we would love to achieve the awards again this year. If you can give us a quick nomination, follow this link: http://www.computingsecurityawards.co.uk

Fill in a couple of details (to make sure the entry is legitimate and no spamming takes place) and then choose a category. For those of you who are not necessarily in the cyber security sector, the most appropriate categories for us are:


Network Security Solution of the Year

Enterprise Security Solution of the Year

Security Company of the Year

SME Security Solution

Personal Contribution to IT Security 
(Ian Whiting Titania CEO & Creator of Nipper Studio)

Please feel free to vote for us in as many categories as you like! More than one vote per company is allowed, if you want to share this with your colleagues and friends. Voting closes on the 25th of July, 2014. If we have been made finalists in any category, we will ask you for your help in voting again to decide the winners. 

Here's a quick refresh on our products: Nipper Studio is network security software for auditing firewalls, switches and routers, while Paws Studio is a compliance auditing and vulnerability assessment tool for servers, workstations and laptops.

A heartfelt thank you for your support from the entire team at Titania!


Wednesday, 2 July 2014

Compliance Auditing & Vulnerability Assessment in One Tool: Paws Studio

https://www.titania.com/pawsstudio
For the first time, Paws Studio, Titania’s powerful compliance auditing tool, will now include vulnerability assessments as well as compliance. This enhancement is the first step towards delivering a more holistic solution for auditors of workstations and servers, just as Titania’s flagship product Nipper Studio has for auditor of firewalls, switches and routers.

Titania is pleased to announce the introduction of OVAL (Open Vulnerability Assessment Language) compliance and vulnerability assessment to Paws Studio, the compliance auditing tool for workstations and servers. The latest release will complement existent policies such as: PCI DSS, SANS, NERC CIP 007-4, NSA and DISA STIG, in order to provide an even more comprehensive view for auditors.

OVAL is supported by the Department of Homeland Security as well as other U.S. governmental agencies and it is a risk and compliance management solution, extensively used by the IT industry. The OVAL compliance framework supports 560+ checks, depending on the operating system, with further check support to be added in the future. The OVAL vulnerability directory carries out 70+ checks, subject to the operating system. Due to frequent updates applied to OVAL, Paws Studio will facilitate the updating process through a convenient Policy Converter which can be found in the ‘Utilities’ tab. The Policy Converter allows the user to download the latest updates from the OVAL website, save it and then upload it to Paws Studio. The Titania Technical Team will also update OVAL on a regular basis within Paws Studio.

Additional improvements to the software include enhancing the Registry Checks to be case sensitive or insensitive, which will minimise the risk of false reporting. Registry values can now be evaluated against regular expressions. Also for a more accurate view, Paws Studio now allows checks for “<=” and “>=” in conjunction with the already present “<” and “>”.

For the Technical Team to offer the best support possible to customers, Paws Studio now offers an easy logging option which can be accessed through GUI, under ‘Settings’, by checking the box for ‘Enable logging’. This option enables the support team to extract a log with useful information for supplying specific and time-efficient assistance.

Overall, the team has also performed general maintenance work to consolidate Paws Studio to an even more robust structure and improved user experience. Titania cares about customers’ suggestions and endeavours to add new features to its products, according to users’ feedback. If you have any suggestions or questions about Paws Studio, please contact the Titania team at support@titania.com

[Note this release is for Windows, Ubuntu 12.04, Open Suse 12.3 and Fedora 19 platforms with releases for CentOS, Open Suse 13.1 and Ubuntu 13.10 to follow.]

Friday, 27 June 2014

Cyber Security Challenges Conference - Titania Discusses Experiences in the US Market

On Tuesday the 24th of June, Titania's CSO Andy Williams, joined a panel of speakers at the half day Cyber Security Challenges conference held at the BIS Conference Centre in London.


Cyber Security Challenges - panel session


Organised by UK Trade & Investment (UKTI), techUK and the Fairfax Country Economic Development Authority (FCEDA) speakers discussed the opportunities for UK companies in the US cyber security market in the public and private sectors. 

Having supplied to over 60 countries worldwide, with around 60% of revenue coming home from the US, Titania's Andy Williams delivered a talk outlining the experience Titania have of the US cyber market and advice on how to do business. 

Other speakers included Lockheed Martin who outlined opportunities in the US market, plus FCEDA and UKTI discussing the support they offer to UK companies looking to supply to the US government and cyber industries. 

The event concluded with a networking lunch and a chance for 1-2-1's with attendees and speakers. 

Andy Williams said: "We know from experience that the cyber security sector in the US is receptive to highly innovative British products. This event was a perfect opportunity to hear from companies who have already achieved success in the market, as well as Government and industry experts who can offer support and insight into doing business in the US."


Andy Williams speaking about cyber security challenges in the US market


Friday, 20 June 2014

WorcsLitFest Launches With the Young Writer Award At The Worcester Guildhall

Source: worcslitfest.co.uk

The evening of Friday, 20th of June, will see the launch of the much awaited Worcestershire Literary Festival. Hosted at the Guildhall, Worcester City Centre, the night will conclude with the competition to determine the Worcestershire Poet Laureate for 2014 /2015.

The panel of judges includes Poet Laureate Emeritus Maggie Doyle, Poet Laureate Tim Cranmore, County Arts Officer Steve Wilson,  Young Poet Laureate Holly Perrett and Secretary of LitFest Polly Robinson. Last year’s winner Tim Cranmore will hand over his title to one of 6 finalists: Bronwyn Durand, Louise Jones, Damon Lord, Fergus McGonigal, Claire Walker and Suz Winspear.

As part of the WorcsLitFest supporters, Titania’s team will be there from 18.30, ready to open the evening with the Young Writer competition. The judges are looking for youngsters between the ages 13 and 19 with a unique talent. As sponsors of this event Titania will then present prizes to the young winners.  Later, winners of the Flash Fiction awards, an internationally recognised short-story competition, will be announced by the judge and founder of the contest, Lindsay Stanberry-Flynn.

Tickets for the first part of evening can be purchased from the WorcsLitFest website.
The night is set to end with a gentle Midnight Moonlight walk around what was once known as the hunting grounds of Malvern Chase.

This however is only the beginning. Over the next 10 days, the organisers, volunteers and WorcsLitFest advocates have worked very hard to bring new, fun, vibrant and dramatic moments to Worcester. There will be a Romantic Novelists Panel with four award winning authors, writing workshops, stand-up poetry, a live cooking demonstration, children story-telling and an evening with house hold name and radio personality Mike Harding, plus many other surprises.

Along with Titania, the Worcester business community has enthusiastically committed to support the Worcestershire Literary Festival. Among the organisations that have joined forces are: The University of Worcester, Sanctuary Group, The Hive, Worcester Whitehouse Hotel, SME Solicitors, Andrew Grant, King’s Worcester, Tudor House, Severn Valley Railway, Pure Risks, Simply Lets, The Old Rectifying House, Drummonds Bar, Avoncroft Museum, eRotary and others.

Tickets are still available online. For enquiries contact secretary@worcslitfest.co.uk

For updates follow @WorcsLitFest and tweet at #worcslitfest


Monday, 16 June 2014

IA14 The Government's Information Assurance Event

Titania is attending IA14, the ‘government’s flagship event on cyber security and information assurance’. Hosted at Park Plaza Westminster Bridge Hotel, London over 16 – 17 June 2014, the event was designed to provide a platform for discussion across government IT, public sector, industry and academia. The debates will focus on how the UK can become an international authority in information security.

Having recently attended information security conferences on both sides of the Atlantic, Titania’s delegate, Andy Williams will be able to share relevant insights with corporate and public sector representatives.

Source: cesg.gov.uk


Conference

IA14 comes shortly after the launch of the Cyber Essentials Scheme and it is likely to be a point of interest at the conference. Another recent initiative in UK’s cyber security policy that IA14 participants can expect to hear about is the CBEST framework, established by CREST (Council for Registered Ethical Security Testers) and the Bank of England. 

Combining government views with industry voices, the keynote speeches promise to reflect a balanced perspective of the cyber security landscape. Ciaran Martin and Iain Lobban of GCHQ, along with Rt. Hon. Francis Maude MP comment on behalf of the Cabinet Office. Bringing industry views are Kathy Warden of Northrop Grumman Information Systems, Symantec’s Samir Kapuria, while Lionel Barber, editor at the Financial Times, will be chairing a panel session.

Streams

Aside from the conference, delegates have the opportunity to observe four streams, organised as collective panels between industry, government and CESG.

The first stream illustrates the challenges of globalisation for the security industry, with issues from manufacturing, international trade and what constitutes an acceptable security promise from vendors. Also included are a comparative look at the cloud service providers, national and international context, and a talk from CESG on new cloud security principles.

The second stream addresses the problem of an ever-changing threat landscape for Government, industry and citizens, by looking at information sharing across governmental departments. Delegates will also have the chance to hear updates on the Defence Cyber Protection Partnership.

Stream three looks at the Secure by Default strategy and features Chemring Technology Solutions as a compelling case study on secure voice communications.

The fourth stream brings Andrew Gracie from the Bank of England and Ian Glover, CREST President, together to explain the corroborated efforts behind CBEST and its benefits to risk-management. Atkins debates the critical vulnerabilities faced by ICS (Industrial Control Systems). Finally, one of the most acute questions in cyber security today: “Why system users don’t simply follow the rules?” is discusses by Prof. Angela Sasse in the context of psychology and human behaviour. Dr. Emma Philpott of the Malvern Cyber Security Cluster concludes the session with a speech on the full leverage that SMEs can exercise in the supply chain.

Exhibition

The exhibition does not fall short of great industry names either. With exhibitors such as BAE Systems, Surevine, Blue Coat Systems, Blackthorn, Symantec, Nexor and Skyscape, delegates and public sector officials will have the opportunity to find the most up to date tools and solutions available in the industry.


Wednesday, 11 June 2014

Paws Studio Review

By Jim Halfpenny 

About the Author 


Jim is an experienced IT practitioner with 14 years experience in both academia and industry, working with renowned companies including British AirwaysOracleBSkyB and Cloudera.

Whether you see compliance as a burden or an aspiration we are frequently mandated to meet a certain set of security requirements around our information assets. One important aspect is being able to demonstrate to yourself and to others that your systems meet the criteria set by your compliance regime. How do you ensure that your systems are compliant with your policies or those mandated by compliance standards? A program of auditing your systems will help you understand the state of your estate.

Titania’s Paws Studio provides a means to audit Windows and Linux systems and provide compliance reports against a defined set of policies. It sets out to provide clear and detailed reports of the system’s level of compliance. Policy templates are editable and Paws Studio comes with predefined templates based on established policies and best practice including PCI, SANS and DoD STIG.

Policy templates are essentially a group of compliance audit checks built from the check library provided by Paws Studio. Checks range from high-level tests such as the presence of antimalware software right down to individual file permissions and registry settings.

There are two ways of creating and customising policy templates. The first is a wizard that guides you through creating your policy. Here you can define the rules that comprise your policy by clicking through a series of screen and selecting checks from the library. The interface is straightforward and self-explanatory and it is a great tool for less advanced users. However, the more technically minded user might find it time consuming and prefer to use the supplied Policy Editor instead which is undoubtedly the more powerful tool.

The Policy Editor provides you with a tree layout of your policy, giving you a bird’s eye view on the ability to quickly navigate through the rules.

In addition clicking on the advanced tab gives you a syntax-highlighted view of the raw policy XML. Whatever tool you choose, the result is an XML file defining the compliance checks for your policy and metadata used to generate the final compliance reports.



Once you have your policy defined it’s time to audit your systems. In order to compile a report you need the compliance audit data collected from a machine. At this point you have three options. You can choose to audit the local machine where Paws Studio is installed. You can also audit a system over the network. To do this will need valid administrator credentials on the remote system. Paws Studio will scan the local network for hosts to audit or you can specify the IP address of the machines in scope.





The third option is to use the portable data collector software, a small executable that can be run from a thumb drive. This is particularly useful where you need to audit a system that is not on the network or is air gapped from your audit workstation. Run the Data Collector, choose an audit policy and it will create a .paws file with the audit results.

Once you have collected your audit data you can produce a report on the audited system. Reports contain the result of each test on the system as well as summary charts showing percent tests passed and a breakdown of tests that failed by severity. Paws Studio creates a compliance audit report that can be saved as HTML, PDF, PostScript or Microsoft Word document. CSV and XML formats are also available so you can feed machine-readable reports into other reporting systems or build your own applications to consume your compliance data.



Paws Studio is available for Windows, Mac OS X and various flavours of Linux and currently supports auditing of Windows and Linux systems. This software pitches to the SME market who could be priced out by enterprise-grade auditing software though they are unlikely to benefit from the bells and whistles these tools provide. If you need a cost effective and easy to use compliance reporting tool, Titania’s Paws Studio certainly merits a second look.

Monday, 9 June 2014

Paws Studio Walkthrough

by Alen Damadzic (Software Developer, Titania)

About the Author

Alen is a key member of the technical team and is the lead developer of Paws Studio compliance auditing software. Since joining Titania as a computing graduate three years ago, Alen’s knowledge of software development and cyber security has grown with the company and he now uses this knowledge to support and train new members to the ever growing development team.

Paws Studio is a compliance auditing tool for servers, workstations and other Windows or Linux based systems. At a basic level, creating a compliance report in Paws Studio can be as simple as selecting an audit policy and clicking go. However, behind the scenes, Paws Studio is performing a number of different processes in order to determine what needs to be checked, collecting the data, comparing the collected data against a policy and finally creating a report. This article provides a walkthrough of those processes to enable you to create truly effective and thorough custom policies to audit against.


Figure 1. Paws Studio audit process
A typical Paws Studio audit is a two-step process. The initial step is to collect the data for the audit and the second is to create the report by comparing that data against a compliance list (see Figure 1).

Collecting Audit Data


Data, such as password policy settings, are collected using a data collector. On Windows, the data collector is a small native program that reads the registry, file permissions and so on. The data collector does not require installing on the system that is being audited and does not require anything to be installed. On Linux systems the data collector is a shell script.

The data collector only collects what is required to create the report. Those audit parameters are specified in a policy file, which we will come back to later.

Figure 2. Report creation methods

When you select to create a new report in Paws Studio (see Figure 2), it will give you the option to add all the systems that you want to audit (local and remote). Paws Studio will then deal with executing the data collector for you and retrieve the results. It is important to note that during this process, Paws Studio will tidy up after itself, so no audit files will be left on the audited system.

Figure 3. Manual data collector option
It is also possible for you to run the data collector yourself on various systems and provide Paws Studio with the collected data; this is shown as the “Manual” option (see Figure 3).

To obtain the latest data collector so that you can perform the audit yourself, select the “Export Collector” option from the “Utilities” menu. You will also need a copy of the audit policy file for the data collector. By default on a Windows system the policy files are stored in “C:\Program Files\Paws Studio\XML”. You will find policy files for PCI, STIG, SANS, and others.

The data collector can be executed from the command line on both Windows and Linux systems. This gives you the ability to script the software so you can automate the audit data collection process.

The Audit Policy


Figure 4. Audit policies

When you create a compliance audit report in Paws Studio you have to select an audit policy that you want to check compliance with. It could be a PCI policy, STIG or others. The policy that you check compliance against when producing a Paws Studio report is stored in a specially formatted XML file.

Although Paws Studio is supplied with a number of pre-defined audit policies, you can create your own. You could use your favourite XML editor to create an audit policy file but Paws Studio includes a policy editor.

The audit policy editor has two modes of operation, a wizard mode and editor mode (see Figures 5, 6). The wizard mode is designed to easily enable you to create your own new audit policy, or edit an existing one, and guide you through the process. The editor mode is more suited for advanced users and editing existing policies.

Figure 5. Policy editor: editor mode

Figure 6. Policy editor: wizard mode

Figure 7. Paws Studio Settings

Customizing an Audit Report


Your audit reports can be customized to change the company name, logo, classification and so on. If you want to override the default Cascading Style Sheet (CSS) there is even an option to do that.

Some key customization options such as the “Policy Editor” “Authorized Software” and “Authorized Startup Items” contain the lists of what is determined to be authorized or not during those particular checks.

The “Reporting” options include an “Interactive Mode” setting that will cause Paws Studio to potentially ask you some questions during an audit. For example, some checks may require a physical analysis, such as “is the server room door locked?”.

An Audit Walkthrough

Figure 8. Paws Studio main frame
Now that we have highlighted the key components of a Paws Studio audit, the simple process of performing a report with all the available options is straight forward.

Select the “Create Report” option (see Figure 8).

Figure 9. Report creation methods

Select what you want to audit (see Figure 9).

“Local” will enable you to perform an audit of your local machine.

“Network” will enable to audit other computers on the network. You many need to specify a username and password.

“Manual” will allow you to add manually collected audit data.

Figure 10. Audit policies

Select the audit policy report that you are interested in. You can select multiple audit policies or specify your own using the “Import Policy” button (see Figure 10).

Click on “Create Report”.

Then you can read your report and save it out to a number of different formats such as HTML, Word, PDF, CSV and others.

Conclusion


This article has delved into what goes on behind the scenes of Paws Studio. By walking you through the key processes involved in creating your own compliance reports, it will enable you to get the most out of the software.

Friday, 6 June 2014

Titania at the Official Cyber Essentials Scheme Launch

Andy Williams (Titania's CSO) was present yesterday, at the invite of the office of Rt. Hon. David Willetts MP, Minister of State for Universities and Science, for the official launch of the Cyber Essentials SchemeThe event was hosted by the ICAEW (Institute of Chartered Accountants for England and Wales) and it was aimed to educate companies on the benefits of adopting the scheme and how best to apply it to businesses. 


Cyber Essential Scheme Launch. Credits: @ICAEW

The scheme, which stands as a guidance and certification reference point, will work alongside other cyber security accreditation bodies (such as the Information Security Forum or British Standards Institution). As such, businesses will be granted the opportunity to qualify for badges that would display how security conscious they are. 

Although the government announced it does not intend to impose legal requirements, it has stated that starting on October 1st, all suppliers bidding for information that handles personal and sensitive contracts in the public sector will need to be Cyber Essentials certified. Early adoption by a few high-profile names such as BAE Systems, KPMG and Barclays show that the scheme was received with enthusiasm. Also, the insurance industry is keen to support the integration of the scheme into their standards.

The scheme is overseen by CREST, the not-for-profit organisation that represents and certifies the information security industry, who collaborated alongside CESG to develop the assessment framework for the scheme. For those interested, badges are already accessible: IASME offers self-assessment path and CREST has a 2-level accreditation available. 

Among information security professionals reactions were positive, but at times reserved. The general consensus was that while the scheme is great for getting the basis of cyber security into place, sustained efforts are needed. 

Peter Wood observes that this is certainly ‘better than nothing at all’ as it addresses the lack of cyber security education for small to mid-sized businesses, which could really benefit from governmental help. Other experts agree that while it is a good starting measure, it shouldn't be seen as a complete solution and as in order to achieve noticeable results, the scheme needs continuous refinement in the long-term. 

Andy Williams thinks that "building on the government's '10 Steps to Cyber Security' launched in 2012, the Cyber Essentials Scheme is an useful next step in raising awareness of basic cyber hygiene standards that, if met, can help businesses protect themselves against cyber attacks. It will be interesting to see how many companies pursue the certification. The government's stated intention to ultimately require all of its suppliers to be CES certified will certainly help to encourage the adoption of the scheme across the UK."

It has been reported that the framework does not yet include guidance around business orientated issues such as business management, IT governance or employee awareness. Organisations would find it useful to have one source that is trusted to be up to date and reliable in these areas to help curb confusion. 

The Cyber Essentials Scheme lays down a good basic foundation and the legislative side gives it a more determined approach, suggesting that the Government is starting to recognise cyber security as a major national issue. The Queen’s Speech in the Houses of Parliament saw the proposal of 11 new laws, including a ‘Serious Crime Bill’ which suggests appropriate jail sentences for cyber crime in order to fully reflect the damage inflicted by a cyber attack.