We need your support to keep TheyWorkForYou running and make sure people across the UK can continue to hold their elected representatives to account.

Donate to our crowdfunder


Department for Culture, Media and Sport written question – answered on 27th February 2017.

Alert me about debates like this

Photo of Andrew Gwynne Andrew Gwynne Shadow Minister without Portfolio (Cabinet Office), Campaigns and Elections Chair

To ask the Secretary of State for Culture, Media and Sport, whether the Cyber Essentials scheme includes protections against (a) structured query language injection and (b) other code vulnerabilities.

Photo of Matthew Hancock Matthew Hancock Minister of State (Department for Culture, Media and Sport) (Digital Policy)

The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires software running on computers and network devices to be kept up-to-date and have the latest security patches installed: this is designed to protect against known code vulnerabilities.

Although Cyber Essentials is intended to provide a good basic level of cyber security, it does not represent a full cyber risk management regime, which is something set out in the more comprehensive ‘10 Steps to Cyber Security’ guidance. As part of the regular reviews of all cyber security standards, the Government considers whether Cyber Essentials needs to be updated to reflect other risks. The value of Cyber Essentials lies in its simplicity and it is important to balance this against breadth and depth of controls.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.