Cyber – Qualifi

The Government-endorsed Cyber Essentials scheme enables organisations to be certified independently for having met a good-practice standard in cyber security.

Web Dev — Sat, 22 Mar 2025 16:36:00 +0000

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.

https://www.gov.uk/government/publications/cyber-essentials-scheme-overview

Cyber Essentials

The Government-endorsed Cyber Essentials scheme enables organisations to be certified independently for having met a good-practice standard in cybersecurity. It requires them to enact basic technical controls across five areas: boundary firewalls and internet gateways, secure configurations, user access controls, malware protection, and patch management (applying software updates). The survey findings show that half of all businesses (51%) have implemented all of the technical controls under Cyber Essentials. Charities are less likely than businesses to have implemented all of the Cyber Essentials technical controls (29%, versus 51% of businesses).

The Government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls to help organisations protect themselves against common online security threats.

The full scheme, launched on 5 June 2014, enables organisations to gain one of two Cyber Essentials badges. It is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.

Cyber Essentials is suitable for all organisations, of any size, in any sector.

From 1 October 2014, Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.

As a first step in preparing your organisation to apply for the badges, you may wish to consider looking at the qualifications and training available via Qualifi Awarding Organisation (Ofqual regulated) www.qualifi.net and the Global Cyber Academy.

Ray Brogden, COO of Qualifi Awarding Organisation invites you as an interested individual, company representative or employee to make contact in regard to the qualifications, funding for eligible learners, student loan recognition and education entitlement associated with the qualifications and courses available. ray@qualifi.net

Cybersecurity further education and higher education research

Web Dev — Thu, 26 Jan 2023 16:42:00 +0000

Organisations are being asked about the teaching and learning of cybersecurity in further and higher education institutions to inform UK Government policy.

https://www.gov.uk/government/publications/cyber-security-further-education-and-higher-education-research?utm_source=5e1fae92-21a0-43a3-a130-b29d3c84ff07&utm_medium=email&utm_campaign=govuk-notifications&utm_content=immediate

Details

The Government is undertaking research to understand the provision of teaching of cybersecurity in further and higher education. Part of this work includes surveys and interviews to understand the landscape and provision of cybersecurity courses and modules in further and higher education institutions. This will help to inform future Government policy.

The Centre for Strategy & Evaluation Services (CSES) and the Cyber Security Team from Oxford University has been commissioned to carry out the survey fieldwork. This Government-funded research is taking place between June and August 2018. The Centre for Strategy & Evaluation Services (CSES) will contact further and higher education institutions to participate in an online survey and interviews

Further and higher education institutions invited to participate

Further and higher education institutions across England have been asked to take part in the research. All further and higher education institutions, even those who do not provide cyber security courses, are included in the survey. This will ensure the findings are representative of all organisations.

Employees asked to participate

CSES is inviting the senior person within these institutions, with the most knowledge or responsibility for course/module content and delivery. This could be the Head of Department or Course Leader. Participating individuals and organisations will be anonymous. There is no technical IT knowledge required to take part.

Participants will be invited via an email from CSES.

Survey methodology

Individuals who agree to participate on behalf of their organisations will take part in an online survey and potentially telephone interview with a CSES employee. The online survey will take no more than 10 minutes to complete and the interview will take roughly 15 minutes at a time that is convenient to the participant.

Ray Brogden, COO of Qualifi and Advisory Council member of the Global Cyber Academy (GCA) invites you to visit the Qualifi website to access information relating to the available RQF Cyber Security qualifications ( https://qualifi.net/qualifications/ )and for additional information please also visit the GCA website at https://www.globalcyberacademy.com/

National Cyber Security Strategy 2016 – 2021

Web Dev — Thu, 12 Jul 2018 16:44:00 +0000

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf

Cyber Security, a burgeoning sector with skills shortages, employment and career opportunities.

Extracts from the National Cyber Security Strategy 2016 -2021 below:

“The future of the UK’s security and prosperity rests on digital foundations. The challenge of our generation is to build a flourishing digital society that is both resilient to cyber threats, and equipped with the knowledge and capabilities required to maximise opportunities and manage risks.

Our vision for 2021 is that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world”.

To realise this vision the Government has pledged to work to achieve the several objectives including developing an innovative, growing cyber security industry, underpinned by world leading scientific research and development. The aim being to have a self-sustaining pipeline of talent providing the skills to meet national needs across the public and private sectors. Cutting-edge analysis and expertise will enable the UK to meet and overcome future threats and challenges. The paper goes on to state:

“We will use the authority and influence of the UK Government to invest in programmes to address the shortage of cyber security skills in the UK, from schools to universities and across the workforce”.

“The UK needs a vibrant cyber security sector and supporting skills base that can keep pace with and get ahead of the changing threat.”

“Insufficient training and skills – We lack the skills and knowledge to meet our cyber security needs across both the public and private sector. In businesses, many staff members are not cyber security aware and do not understand their responsibilities in this regard, partially due to a lack of formal training. The public is also insufficiently cyber aware”.

“We also need to develop the specialist skills and capabilities that will allow us to keep pace with rapidly evolving technology and manage the associated cyber risks. This skills gap represents a national vulnerability that must be resolved.”

“The Government will invest to maximise the potential of a truly innovative UK cyber sector. We will do this by supporting start-ups and investing in innovation. We will also seek to identify and bring on talent earlier in the education system and develop clearer routes into a profession that needs better definition.”

“The UK requires more talented and qualified cyber security professionals. The Government will act now to plug the growing gap between demand and supply for key cyber security roles, and inject renewed vigour into this area of education and training”

“The UK needs to tackle the systemic issues at the heart of the cyber skills shortage: the lack of young people entering the profession; the shortage of current cyber security specialists; insufficient exposure to cyber and information security concepts in computing courses; a shortage of suitably qualified teachers; and the absence of established career and training pathways into the profession. This calls for swift intervention by the Government to help address the current shortage and develop a coherent long-term strategy that can build on these interventions to close the skills gap.”

“We will develop and implement a self-standing skills strategy that builds on existing work to integrate cyber security into the education system. This will continue to improve the state of computer science teaching overall and embed cyber security into the curriculum. Everyone studying computer science, technology or digital skills will learn the fundamentals of cyber security and will be able to bring those skills into the workforce. As part of this effort, we will address the gender imbalance in cyber-focused professions, and reach people from more diverse backgrounds, to make sure we are drawing from the widest available talent pool”.

“The UK Government and Devolved Administrations have a key role in creating the right environment for cyber security skills to be developed and to update the education system to reflect the changing needs of industry and government. But employers also have a significant responsibility to clearly articulate their needs, as well as train and develop employees and young people entering the profession”

“the Government will invest in a range of initiatives to bring about immediate improvements and inform the development of the long-term skills strategy. These include:

establishing a schools programme to create a step change in specialist cyber security education and training for talented 14-18 year olds (involving classroom-based activities, after-school sessions with expert mentors, challenging projects and summer schools);
creating higher and degree-level apprenticeships within the energy, finance and transport sectors to address skills gaps in essential areas;
establishing a fund to retrain candidates already in the workforce who show a high potential for the cyber security profession;
identifying and supporting quality cyber graduate and post graduate education, and identifying and filling any specialist skills gaps – acknowledging the key role that universities play in skills development;
supporting the accreditation of teacher professional development in cyber security. This work will help teachers, and others supporting learning, to understand cyber security education and provide a method of externally accrediting such individuals;
developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy;
developing a Defence Cyber Academy as a centre of excellence for cyber training and exercise across the Ministry of Defence and wider Government, addressing specialist skills and wider education;
we will work with industry to expand the CyberFirst programme to identify and nurture the diverse young talent pool to defend our national security; and
embedding cyber security and digital skills as an integral an integral part of relevant courses within the education system, from primary to postgraduate levels, setting standards, improving quality and providing a firm foundation for onwards progression into the field.
Measuring success
The Government will measure our success in strengthening cyber security skills by assessing progress towards the following outcomes:
there are effective and clear entry routes into the cyber-security profession, which are attractive to a diverse range of people;
by 2021 cyber security is taught effectively as an integral part of relevant courses from primary to post-graduate level;
cyber security is widely acknowledged as an established profession with clear career pathways, and has achieved Royal Chartered Status;

As a student, employee or employer, start your cyber journey through the opportunities afford you through the work of the Global Cyber Academy https://www.globalcyberacademy.com/ and Ofqual regulated Awarding Organisation, Qualifi https://qualifi.net/ . A collaboration that has developed Cyber Security qualifications at Level 2,3,4 and soon to be available Level 5. Qualifications dependent upon level and candidate eligibility that are Education and Skills Funding Agency, Adult Education Budget and Advanced Learner Loan recognised.

For further information relating to the qualifications referred to above, funding, delivery approval, access to resources, staff training etc please contact Ray Brogden at ray@qualifi.net

Cyber Security Breaches Survey 2018

Web Dev — Tue, 10 Jul 2018 14:23:00 +0000

A survey detailing business and charity action on cyber security and the costs and impacts of cyber breaches and attacks.

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018.

Highlighting the continued pressure that businesses are under from cyber-attacks as well as what they are – or are not – doing to defend themselves against threats.

Qualifi Awarding Organisation (Ofqual regulated) has in collaboration with The Global Cyber Academy developed qualifications including Level 2, 3 and 4 and the soon to be available Level 5. The qualifications are fundable for eligible candidates via the Education and Skills Funding Agency at Levels 2 and 3, Adult Education Budget at levels 2 and 3 or through Advanced Learner Loans at levels 3, 4 and 5. For further information regarding funding and access / approval of delivery please contact ray@qualifi.net

Extracts below:

“Awareness raising and engagement among wider staff is also important. As in 2017, the most disruptive breaches are most commonly spotted by individual staff members rather than picked up automatically by anti-malware programmes. Organisations in the qualitative survey also noted the importance of regular and targeted training for all staff. However, in reality staff training remains rare; just two in ten businesses (20%) and even fewer charities (15%) have had staff undertake any form of cyber security training in the past year. Furthermore, businesses in this latest survey are less likely to have responded to breaches with additional staff training than in 2017”.

Key findings include:

Training has not increased, with only a fifth (20%) of businesses having had staff attend any form of cyber security training in the last 12 months, with non-specialist staff being particularly unlikely to have attended.
43% of UK businesses reported breaches or attacks in the last 12 months (compared to 46% last year), but large businesses are under siege with 72% affected
Fewer 27% of UK businesses have a formal cyber security policy in place this year (compared to 33% last year)
The average (mean) cost of breaches with such outcomes is £3,100 (almost double from last year), large businesses lose an average of £22,300
The most common forms of attack affecting UK businesses were Fraudulent emails (75%), hackers impersonating an organisation online (28%), Viruses, spyware or malware (24%) – on a special mention, ransomware dropped to from 17% to 15% this year
It is worth noting that the proportion of businesses saying cyber security is a low priority has fallen since 2016 (from 30%, to 24% in this survey), indicating that it is now on the agenda for more businesses. More specifically, in this latest survey, more small businesses say it is a very high priority than in the 2017 survey (up from 33% to 42%).
Just over a third (35%) of businesses have staff whose job role includes information security or governance. Compared to businesses overall, a similar proportion of charities (38%) employ specialist staff.

Staff training

A fifth (20%) of businesses have had staff attend internal or external training on cyber security in the last 12 months, which is similar to previous years. The overall figure comprises 12 per cent of businesses providing internal training, seven per cent offering external training and 10 per cent where staff attended seminars or conferences. This is lower for charities (15%). Specifically, nine per cent of charities provide internal training, seven per cent external training, and eight per cent had staff attend seminars or conferences.

It is worth noting that businesses that report cyber skills gaps are less likely than average to have sent staff on cyber security training (12% of businesses that report skills gaps have done so, versus 20% overall). A similar difference exists among charities, albeit with smaller sample sizes. This suggests that organisations that have identified a problem with skills gaps have not necessarily taken steps to address it through offering training.

Organisations are most likely to send directors or senior management staff on cyber security training, and this is more common among businesses than charities, as Figure 4.9 indicates. Across businesses, this proportion is lower among medium businesses (63%, versus 76% for the average business) and large businesses (59%). Among businesses, the figure for directors or senior management is similar to 2017, although a lower proportion of businesses offer training specifically to IT staff than in the 2017 survey.

It is considerably rarer for non-specialist and non-senior staff to attend this kind of training, both in businesses and charities. In addition, just seven per cent of charities offered such training to any volunteers. This contrasts with findings from the qualitative survey, which highlighted that many organisations wanted all their staff to be vigilant of cyber security threats.

Barriers to training

The qualitative survey also raised several barriers to training, including cost, format, regularity and not seeing the need for training:

There was a sense that induction training, irregular training, or training that was not mandatory could be easily forgotten. There were various examples of good practice to combat this. One smaller organisation arranged individual sessions with every staff member. One had moved towards more targeted training, making staff go on training courses only after they had failed an internal penetration test with a fake phishing email. Another organisation required all their staff to complete an annual online module on cyber security, and non-completion meant that they would not be eligible for their yearly bonus.
Cost and logistics meant that face-to-face training sessions were difficult, and some wanted or had already adopted more video training sessions or webinars. This matches similar findings from the 2017 qualitative research with charities.

Ray Brogden COO of Qualifi would like to point out that through the work of Qualifi and the Global Cyber Academy, Regulated Qualification Framework qualifications that are affordable, fundable (subject to eligibility), accessible via online blended approaches and flexible in order to respond to employer and candidate needs are available now. For further information contact Ray Brogden ray@qualifi.net