Barclays has become the first major organisation to gain the new Government Cyber Essentials certification for its Digital Banking services, including MyBarclays, BMB, and Pingit. The certification was awarded to Barclays following assessment of its security by certification-body Gotham Digital Science (GDS). GDS is accredited by CREST to carry out Cyber Essentials and Cyber Essentials Plus certification services.
“We identified this new government scheme as an important part of our plans to help customers in the digital age transact completely safely and securely.” said Philip Sowter, Mobile Banking Director at Barclays. “We are pleased to be involved with the scheme and to have been recognised by the Cyber Essentials Certification. We are working with GDS towards the Cyber Essentials Plus certification.”
To demonstrate basic cyber hygiene and reach Cyber Essentials certification through GDS, Barclays Digital Banking had to complete the Cyber Essentials Questionnaire. An external perimeter vulnerability scan was also carried out, which is an additional requirement for Cyber Essentials certification that is mandated by CREST.
“For Barclays the process was straightforward because of the existing security processes it already had in place, along with ISO27001 certification of the Digital Banking business,” said Justin Clarke, managing director of GDS. “The certification gives Barclays an opportunity to showcase its leadership in digital banking, and reinforces the importance the bank places on protecting customer assets and data.”
“The Cyber Essentials scheme is unique because it has been developed as a collaboration between the UK government and the very best cyber security professionals in the UK,” said Ian Glover, President of CREST. “These professionals utilised their years of experience and invested their own time to extract the security standards that should be applied to all businesses, regardless of size. It is important that large consumer-facing organisations like Barclays embrace the scheme and I congratulate them on their early certification.”
The Cyber Essentials Scheme is part of UK Government’s National Cyber Security Strategy and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from internet-borne threats. Systems that fall within its scope include internet connected end-user devices such as desktop PCs, laptops, tablets and smartphones, and internet connected systems including email, web and application servers. By successfully going through a Cyber Essentials assessment, organisations not only lower their risk of serious data and financial loss, but by displaying the Cyber Essentials badge they demonstrate to customers that they have taken steps to be fundamentally cyber safe.
For more information visit:
About CREST
CREST is a not-for-profit organisation that represents the technical information security industry. As part of this, CREST provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services. CREST member companies must undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling. CREST qualified individuals have passed rigorous professional level examinations that demonstrate their knowledge, skill and competence. The company assessment and individual qualifications are underpinned by meaningful and enforceable code of conduct. All examinations and processes have been reviewed and approved by CESG, the Information Security arm of GCHQ
By setting these demanding standards, CREST gives organisations buying penetration testing or cyber security incident response services the confidence that the work will be delivered by trusted companies and qualified individuals with up-to-date knowledge, skills and competencies to the mitigate threats from the latest vulnerabilities and attack techniques. The CREST Cyber Security Incident Response Scheme (CSIR) is endorsed by GCHQ and CPNI. The scheme focuses on appropriate standards for incident response aligned to demand from all sectors of industry, the public sector and academia. The CREST Security Architecture examination is formally recognised under the UK CESG Certified Professional Scheme.
Working alongside the Bank of England (BoE), CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. CBEST is the first of initiative of its type to be led by any of the world’s central banks.
About Gotham Digital Science
Gotham Digital Science (GDS) is an information security consulting firm that works with clients to provide flexible and customised solutions to identify, prevent and manage security risks. GDS specialises in security testing, software security and helping our clients build more secure software. With offices in both New York and London, Gotham Digital Science can seamlessly assist clients on both sides of the Atlantic.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.