
Cyber Essentials Plus: Meet the requirements with ITSM

If you're bidding for a UK government contract that involves handling sensitive data or providing specific products or services, you've probably come across Cyber Essentials and Cyber Essentials Plus; the latter includes an additional technical audit. These government security frameworks are designed to manage security risks from common cyber threats effectively. To meet certification requirements, implementing an IT Service Management (ITSM) solution is essential.
Adam Sima

6. 12. 2023

Why should one obtain Cyber Essentials Plus certification?

There are multiple reasons to pursue cybersecurity certifications beyond just ensuring the security of your organization. These include:

Improve supply chain security

Win new business

Qualifications required for working with the UK government.

Reassure your stakeholders that you are fully committed to securing both your own and your customers' data.

The role of ITSM in Cyber Essentials Plus

As part of the certification and technical audit requirements, it's essential to demonstrate sufficient security in areas such as malware protection, user access control, secure configuration, proper firewall and gateway settings, and security update management. The right IT Service Management (ITSM) solution can help you with most of these areas:

User access control

Good user access control ensures that only authorized individuals have a user account, which gives them the minimum amount of access necessary to perform their duties. 

Although ITSM solutions do not typically provide built-in Identity and Access Management (IAM), they can be crucial for submitting and approving access requests in a secure manner and with an audit trail.

In addition, you can integrate ITSM with IAM to automatically assign access to a specific user once the request has been approved by a supervisor. This can also be used to revoke access or deactivate user accounts when employees depart from the organization.
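The reconciliation this integration makes possible, as an added example that is not part of the original article or of any ITSM product: it compares approved access requests against the grants active in IAM and reports grants with no approved request, self-approved requests, and leavers whose accounts are still enabled. The record fields, ticket numbers and user names are constructed assumptions, not a real export format.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not an ITSM or IAM export format.
ACCESS_REQUESTS = [
    {"ticket": "REQ-101", "user": "alice", "role": "finance-read",
     "status": "approved", "approver": "carol"},
    {"ticket": "REQ-102", "user": "bob", "role": "domain-admin",
     "status": "pending", "approver": None},
    {"ticket": "REQ-103", "user": "dave", "role": "hr-read",
     "status": "approved", "approver": "dave"},
]
IAM_GRANTS = [
    {"user": "alice", "role": "finance-read", "enabled": True},
    {"user": "bob", "role": "domain-admin", "enabled": True},
    {"user": "dave", "role": "hr-read", "enabled": True},
    {"user": "erin", "role": "finance-read", "enabled": True},
]
LEAVERS = {"erin": date(2023, 11, 30)}  # user -> last working day

def reconcile(requests, grants, leavers, today):
    """Return (user, role, finding) for every enabled grant that fails a check."""
    approved = {(r["user"], r["role"]): r
                for r in requests if r["status"] == "approved"}
    findings = []
    for g in grants:
        if not g["enabled"]:
            continue
        key = (g["user"], g["role"])
        left = leavers.get(g["user"])
        if left is not None and left <= today:
            # Departed employee whose account was never deactivated.
            findings.append((*key, "leaver-still-enabled"))
        elif key not in approved:
            # Access exists in IAM without an approved request behind it.
            findings.append((*key, "no-approved-request"))
        elif approved[key]["approver"] == g["user"]:
            # The requester approved their own access, so no supervisor reviewed it.
            findings.append((*key, "self-approved"))
    return findings

if __name__ == "__main__":
    for finding in reconcile(ACCESS_REQUESTS, IAM_GRANTS, LEAVERS, date(2023, 12, 6)):
        print(finding)
```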

Secure configuration

Default configurations of computers and network devices may not always be secure, posing potential vulnerabilities. These vulnerabilities include default passwords, the absence of multi-factor authentication in administrative accounts, unnecessary pre-enabled user accounts with special privileges, and pre-installed but unnecessary applications or services. 

ITSM tools typically provide automated workflows to ensure that IT teams consistently perform the necessary steps when implementing new hardware into the network.

Some ITSM tools also provide a configuration management database (CMDB) to visualize your IT infrastructure, helping you understand the relationships between configuration items (e.g. network devices, services, etc.). This comprehension is essential for the secure implementation of configuration modifications and the efficient resolution of incidents.

Security update management

Unpatched and outdated software and hardware may pose significant security risks and challenges for your risk management team. IT Asset Management (ITAM), a subset of ITSM, helps you maintain an updated asset inventory. For instance, automatic agent detection provides information about the software running on a specific device, checks for unlicensed software, and notes the technical configuration of the device. You can also set up automatic notifications for the detection of unlicensed or unsupported software as well as outdated configurations (e.g. an outdated version of TPM). This measure helps to reduce security risks and guarantees compliance in the event of a software audit.

Malware protection

You can also use ITAM's capabilities to create lists of allowed applications and blacklists. This allows you to easily restrict the use of known malware and untrusted software to prevent potential damage or unauthorized access to sensitive data. If any malicious software is detected, the tool automatically alerts the IT team or the users who are using prohibited software. This helps your organization avoid problems like malfunctioning systems, data loss, or onward infection that goes unseen until it causes harm elsewhere.
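The inventory checks described under security update management and malware protection, as an added example that is not part of the original article or of any ITAM product: it evaluates agent-reported inventory against a policy of allowed software, blocked software, minimum supported versions and a minimum TPM version. The policy layout, host names, package names and version numbers are constructed assumptions.

```python
# Constructed policy and inventory; names, versions and field layout are assumptions.
POLICY = {
    "allowed": {"libreoffice", "firefox", "7zip"},
    "blocked": {"cryptominer-x"},
    "min_supported": {"firefox": "115.0", "libreoffice": "7.5"},
    "min_tpm": "2.0",
}
INVENTORY = [
    {"host": "ws-01", "tpm": "2.0",
     "software": {"firefox": "120.0", "7zip": "23.01"}},
    {"host": "ws-02", "tpm": "1.2",
     "software": {"firefox": "102.3", "cryptominer-x": "1.0"}},
    {"host": "ws-03", "tpm": None,
     "software": {"libreoffice": "7.6", "torrent-tool": "4.1"}},
]

def ver(text):
    """Parse a dotted numeric version so that 102.3 sorts below 115.0."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, policy):
    """Return (host, item, finding) for each policy violation in the inventory."""
    findings = []
    for dev in inventory:
        host = dev["host"]
        if dev["tpm"] is None:
            findings.append((host, "tpm", "missing"))
        elif ver(dev["tpm"]) < ver(policy["min_tpm"]):
            findings.append((host, "tpm", "outdated"))
        for name, version in sorted(dev["software"].items()):
            minimum = policy["min_supported"].get(name)
            if name in policy["blocked"]:
                findings.append((host, name, "blocked"))
            elif name not in policy["allowed"]:
                # Not explicitly blocked, but never approved either.
                findings.append((host, name, "not-on-allowlist"))
            elif minimum is not None and ver(version) < ver(minimum):
                findings.append((host, name, "unsupported-version"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, POLICY):
        print(finding)
```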

Empower your cyber security with an ITSM solution

While ITSM solutions are not security tools as such, they play a key role in meeting the Cyber Essentials certification requirements and, more importantly, increasing the overall cybersecurity of your organization. An ITSM solution can help you better manage reported risks and incidents and prevent new ones based on historical data and risk analysis. Whether you're getting ready for Cyber Essentials (Plus) certification, ISO 27001 or simply looking to enhance your cybersecurity, we're eager to demonstrate how ALVAO ITSM can help to support your goals.