Barclays has become the first major organisation to gain the new Government Cyber Essentials certification for its Digital Banking services, including MyBarclays, BMB, and Pingit. The certification was awarded to Barclays following assessment of its security by certification-body Gotham Digital Science (GDS). GDS is accredited by CREST to carry out Cyber Essentials and Cyber Essentials Plus certification services.
“We identified this new government scheme as an important part of our plans to help customers in the digital age transact completely safely and securely,” said Philip Sowter, Mobile Banking Director at Barclays. “We are pleased to be involved with the scheme and to have been recognised by the Cyber Essentials Certification. We are working with GDS towards the Cyber Essentials Plus certification.”
To demonstrate basic cyber hygiene and reach Cyber Essentials certification through GDS, Barclays Digital Banking had to complete the Cyber Essentials Questionnaire. An external perimeter vulnerability scan was also carried out, which is an additional requirement for Cyber Essentials certification that is mandated by CREST.
“For Barclays the process was straightforward because of the existing security processes it already had in place, along with ISO27001 certification of the Digital Banking business,” said Justin Clarke, managing director of GDS. “The certification gives Barclays an opportunity to showcase its leadership in digital banking, and reinforces the importance the bank places on protecting customer assets and data.”
“The Cyber Essentials scheme is unique because it has been developed as a collaboration between the UK government and the very best cyber security professionals in the UK,” said Ian Glover, President of CREST. “These professionals utilised their years of experience and invested their own time to extract the security standards that should be applied to all businesses, regardless of size. It is important that large consumer-facing organisations like Barclays embrace the scheme and I congratulate them on their early certification.”
The Cyber Essentials Scheme is part of the UK Government’s National Cyber Security Strategy and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from internet-borne threats. Systems that fall within its scope include internet-connected end-user devices such as desktop PCs, laptops, tablets and smartphones, and internet-connected systems including email, web and application servers. By successfully going through a Cyber Essentials assessment, organisations not only lower their risk of serious data and financial loss, but by displaying the Cyber Essentials badge they also demonstrate to customers that they have taken steps to be fundamentally cyber safe.
About CREST
By setting these demanding standards, CREST gives organisations buying penetration testing or cyber security incident response services the confidence that the work will be delivered by trusted companies and qualified individuals with up-to-date knowledge, skills and competencies to mitigate threats from the latest vulnerabilities and attack techniques. The CREST Cyber Security Incident Response Scheme (CSIR) is endorsed by GCHQ and CPNI. The scheme focuses on appropriate standards for incident response aligned to demand from all sectors of industry, the public sector and academia. The CREST Security Architecture examination is formally recognised under the UK CESG Certified Professional Scheme.
Working alongside the Bank of England (BoE), CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world’s central banks.
About Gotham Digital Science
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.