...
Whole of business focused
People focused
Risk focused
Not overly prescriptive
Can just get started
Can do good enough (Levels 1 to 3)
Build in an Incident Response plan from the ground up
Built with small businesses in mind
Can be done with limited specialised software (eg Backup may be needed)
Not the only things that can and should be done
Cyber Wardens is
Mainly focused on Training.
A bit simplistic in some areas.
But can be good for the very basics.
Information is a bit jumbled and spread out over different areas. Eg I used the Reflections Notebook, the Cyber Security Action Plan and the Cyber Wardens Toolkit documents for this review. Maybe it should all be one document.
Is supported by COSBOA but the COSBOA Cybersecurity page is woeful.
ID Care is
Free to small businesses.
You get to talk to a real person and they ask hard questions, and give very helpful advice.
Pretty comprehensive.
Has the added level of support for breaches or incidents.
They will search for your email addresses that have been compromised and let you know what to do about it.
Essential 8 is
Only really relevant to government departments, or highly regulated industries.
Not relevant to many businesses
Designed for a specific purpose - to be the government's controls.
IT specific, not whole of business
Not people focused
Easy to be seen as an IT project, not a business implementation
Doesn’t support the overall culture of Cybersecurity in the Organisation
Focused on Microsoft products only
Focused on businesses with On Prem
Requires specialist software (eg Vulnerability Scanning, Asset Discovery)
Doesn’t easily support BYOD
Difficult for businesses that are not up to date with technology and using old systems
Can be disruptive to users
Very prescriptive
Doesn’t go broad enough for small businesses
Does not focus on the basics that small businesses need
Is all about product and not about process