Cyber Essentials Scheme Being Updated on 24 April 2023
On 23 January 2023, the National Cyber Security Centre (NCSC) published an updated set of requirements, version 3.1, for the Cyber Essentials Scheme which come into force on 24 April 2023. Whilst the changes are described as being more light touch in comparison to the 2022 update, extra guidance and clarification is provided on compulsory and non-compulsory controls. A significant number of clarification and guidance updates have been made to improve the user friendliness and accessibility of the Scheme. Of greater significance to many organisations, 24 April 2023 represents the deferred date when they will need to meet the 2022 update requirements by protecting all Cloud-based user accounts with multi-factor authentication (MFA), removing or segregating all unsupported software and supporting all in-scope thin clients with security updates.
URM Awarded Accreditation to the CREST OWASP Verification Standard
In November 2022, URM became one of the first companies in the UK to be awarded accreditation to the CREST OWASP Verification Standard (OVS ) to deliver both Level 1 and Level 2 Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) assessments for Web and mobile applications.
ISO/IEC 27001:2022 Published on 25 October
On 25 October 2022, the International Organization for Standardization published the latest version of ISO 27001 and updated its title to ‘Information security, cybersecurity and privacy protection — Information security management systems — Requirements’. In line with its title, this latest version of ISO 27001 reflects a broader context and that preventing, detecting and responding to cyberattacks is now considered, as well as protecting information and data.
The 2022 version of the Standard provides the updated requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of your organisation.