B2E Consulting is delighted to announce that our Cyber Security Principal John McCarthy’s company Oxford Systems is now a Certification Body for Cyber Essentials
We are often asked, “does a business still need Cyber Essentials certification if they have ISO 27001?”. Businesses sometimes presume that if they have undergone ISO 27001 certification they will not need the seemingly less complex Cyber Essentials controls.
The reality is that Cyber Essentials can still be very beneficial for companies who hold ISO 27001.
At its heart, ISO 27001 is a risk management certification: after examining its information security risks, an organisation decides which security controls it is going to implement. It may choose to put in place a different set of controls from those in Cyber Essentials, and it may decide to accept the risk of not implementing certain Cyber Essentials controls at all.
This becomes particularly important when managing risk across a supply chain. Cyber Essentials is a prescriptive standard, so it gives the person responsible for procurement more confidence that a supplier has actually implemented the five specific technical controls that make up the standard: firewalls, secure configuration, user access control, malware protection and security update (patch) management.
If a business holds only ISO 27001, it may have made a risk-based decision on whether to implement those controls, and management could have accepted a high technical risk without fully understanding the security consequences. We have seen companies, for example, decide not to apply security patches within 14 days (the maximum timescale Cyber Essentials allows for installing security updates) purely because of a decision made by management.
In practice we see many companies that hold ISO 27001 attempting Cyber Essentials certification, and they often struggle to achieve it.
This is why Cyber Essentials certification is often mandated throughout a supply chain regardless of ISO 27001 certification.
For more information or a chat with John, please contact us at B2E.
B2E Consulting is different…
- Our B2E community consists of over 20,000 independent, expert consultants who provide depth of capability – most have trained at big consultancies or blue-chip companies
- Our flexible model ensures the expertise at the right price
- Our team has the insight and experience to bring these elements together
We always welcome the opportunity to discuss your consulting project requirements and our service offerings with you further.
About Dr John McCarthy
Dr. John McCarthy is the B2E Consulting Principal leading on the Cyber Security Service Offering. Dr McCarthy is a highly experienced consultant with a 20-year proven track record of delivering cyber security services that help businesses defend themselves against modern cyber and IT attacks and comply with an increasingly demanding regulatory environment.
Dr. John McCarthy holds a PhD in Cyber Security and e-Business Development and is an internationally recognized author and keynote speaker. He has been involved in multiple UK government committees developing UK law on cyber security, e-crime and digital infrastructure. He is a panel member of the American Transport Research Board that published guidance on Cyber Security best practice for Airports throughout North America.
Dr. John McCarthy is an active member of the ACI EUROPE Aviation Security Committee, the British Computer Society (BCS) IT Leaders' Forum, the International Committee on Information Warfare and Security, and a Member of the Worshipful Company of Information Technologists. John is also a Freeman of the City of London.