Scroll Top

Cyber Essentials Plus Methodology

Home » Cyber Essentials Plus Process

Unlocking the Power of Cyber Essentials: Your Guide to Enhanced Cybersecurity

December 14, 2023

Conquering Malware: A Critical Step Towards Cyber Essentials Certification

December 13, 2023

Why Firewalls and Gateways are Your First Line of Defence in Cybersecurity

December 8, 2023

Passwords

December 8, 2023

Mastering Secure Configuration: Your Essential Guide to Cyber Essentials Certification

December 8, 2023

Cyber Essentials Plus Process

External Vulnerability Scan (unauthenticated)

To test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill
methods.

Conduct a vulnerability scan on all external/ public IP addresses
Full TCP and UDP port scan
Interrogate authentication portals

Internal Vulnerability Scan (authenticated)

Identify missing patches and security updates that leave easy-to-exploit vulnerabilities within the scope of the
scheme.

Scope the assessment and provide sample requirements
Install remote vulnerability scanning agent on selected sample
Conduct vulnerability scans and provide results along with remediation guidance

Under the consultant’s guidance, the user performs the following tasks via screen share software.

Device Configuration

To ensure the device under assessment aligns with the devices in the authenticated vulnerability assessment

View evidence of:
o Private IP address
o Operating system information
o Firewall settings
o Anti-malware definitions released within the 24 hours prior to testing have been installed
o Anti-malware engine updates released within the 30 days prior to testing have been installed

Malware Protection Assessment via Browser

To check that all the devices in scope benefit from at least a basic level of malware protection.

Download benign test files from the Cyber Essentials testing platform.

Malware Protection Assessment via e-mail

To test protection against malware that is delivered via e-mail attachments.

Send benign test files to the user’s corporate e-mail address and observe the user attempting to open each
attached test file.

Multi-Factor Authentication Configuration

To test cloud services declared in scope, they have been configured for multi-factor authentication (MFA).

View standard users’ and administrators’ requests for MFA on all cloud services via a browser (where
applicable).

User account separation

To test that user accounts do not have administrator privileges assigned.

Ensure the user is a standard user.
Attempt to perform a task as an administrator and observe the output.

Daniel Phillips

get in touch

Get in touch with us for a robust penetration test that yields great return on investment.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Table of Contents

Related Articles

Cyber Essentials Plus Process

External Vulnerability Scan (unauthenticated)

Internal Vulnerability Scan (authenticated)

Device Configuration

Malware Protection Assessment via Browser

Malware Protection Assessment via e-mail

Multi-Factor Authentication Configuration

User account separation