Cybercrime:Written question - 63988

Asked by Andrew Gwynne
(Denton and Reddish)
Asked on: 17 February 2017
Department for Culture, Media and Sport
To ask the Secretary of State for Culture, Media and Sport, whether the Cyber Essentials scheme includes protections against (a) structured query language injection and (b) other code vulnerabilities.
Answered by: Matt Hancock
Answered on: 27 February 2017

The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires software running on computers and network devices to be kept up-to-date and have the latest security patches installed: this is designed to protect against known code vulnerabilities.

Although Cyber Essentials is intended to provide a good basic level of cyber security, it does not represent a full cyber risk management regime, which is something set out in the more comprehensive ‘10 Steps to Cyber Security’ guidance. As part of the regular reviews of all cyber security standards, the Government considers whether Cyber Essentials needs to be updated to reflect other risks. The value of Cyber Essentials lies in its simplicity and it is important to balance this against breadth and depth of controls.

Share this page