The report ends with best practice recommendations resonating with the ones found in the Cyber Essentials program. As it stands the UK does not have any cyber security certification, no reference point to measure against and no single agreed guidance to look up to. The Cyber Scheme initiative is the first step to a one-for-all policy, with the only hope that it will not turn to represent yet another compliance headache for SMEs, but an actual support line for the business sector.
CREST, working with CESG the information security branch of GCHQ has developed an assessment framework which is now available for consultation. The full scheme along with the assessment framework and the accreditation badge will be available in summer 2014.