Salus Logo


Getting into cyber can be a difficult and daunting task for any business. When working with clients there is often questions that are asked to give them clarity some of which are listed below.

Frequently Asked Questions


What is ethical hacking?

Ethical hacking, or white-hat hacking, is the legal practice of using hacking techniques to identify vulnerabilities and improve security in computer systems, networks, or applications, with permission from the system owner. Ethical hackers follow a code of ethics, use various techniques such as network scanning and password cracking, and must have strong knowledge of computer systems and security protocols. They work as consultants or employees for organisations to help protect against potential attacks by staying updated on the latest threats and vulnerabilities.

Do I need to achieve ISO 27001 accreditation?

ISO 27001 is not necessary a needed accreditation for all organisations. However, it has been seen to be a frequent obligation of many contracts as an applicable certification for organisations who handle any kind of confidential data such as personal information, financial data and intellectually property to ensure additional supply chain security and a level of trust for clients of all the businesses.

What is Cyber Essentials?

Cyber Essentials is a government backed scheme that is designed to help protect your organisation against a range of common Cyber-attacks. Cyber Essentials is provided in two levels, Cyber Essentials Basic and Cyber Essentials Plus. Cyber Essentials Basic is audited through a self-assessment questionnaire with Cyber Essentials Plus being an independently conducted audit of your cyber security controls.

Does Cyber Essentials take a long time to get?

The Cyber Essentials Self-assessment questionnaire will be issued and should only take around an hour to complete if you have prepared answers in advance. Once submitted our qualified assessors will aim to review your answers as soon as possible. If your submission is unsuccessful, you will have two working days to rectify any problems, revise your responses, and submit again.

How often do I need to undertake a penetration test?

The frequency of penetration testing requirements can vary depending on several factors, including industry regulations, the size and complexity of the organisation, and the risk tolerance of the business. In general, it is recommended to conduct annual penetration tests as a minimum.

Do I need an NCSC CHECK ITHC penetration test?

CHECK was developed for government departments, public sector bodies and the organisations with an IT Health CHECK (ITHC) providing assurances that your internal and external systems are protected from unauthorised access or changes and that they are secured to prevent unauthorised access to HMG government data.

How long does penetration testing take?

The duration of a penetration test can vary depending on several factors, such as the size and complexity of the system or network being tested, the scope of the engagement, and the number and skill level of the testers involved. Typical penetration tests can take anywhere from a few days to several weeks to complete. The duration is not always indicative of the quality or thoroughness of the test; what matters most is that experienced and skilled testers tailor the testing approach to your organisation's specific needs and requirements, ensuring comprehensive coverage and providing valuable insights and recommendations to improve your security posture.

What is the difference between CHECK and CREST?

CHECK and CREST are UK-based organisations that offer certification and accreditation for cybersecurity professionals and companies, with a focus on high standards of quality and professionalism. CHECK is government-backed and primarily focuses on penetration testing, while CREST offers certification in several areas of cybersecurity and accredits companies and individuals that meet certain standards. Both organisations provide assurance to customers and stakeholders, helping build trust and confidence in their cybersecurity capabilities.

Why do I need to change my password?

Cyber essentials guidance dictates that if you suspect an account has been compromised then password changes should be conducted to ensure that unauthorised access is remediated. When setting a new password, the NCSC recommend the use of three random words with the additional use of MFA. Using a password manager can help generate and store strong passwords for each account, making it easier to manage and maintain good security habits.

Why do I need cyber security?

Cybersecurity is crucial for protecting sensitive data, ensuring business continuity, meeting regulatory compliance, enhancing customer trust, and staying competitive. Implementing robust cybersecurity defences helps safeguard confidential information from unauthorised access, theft, and misuse, minimising the risk of downtime due to incidents, and avoiding potential fines and legal penalties. Demonstrating a commitment to cybersecurity can build trust with customers and stakeholders, and staying up to date with emerging threats and best practices gives organisations a competitive advantage in their industry.

Can I work with the Government without Cyber Essentials?

To bid for Government contracts that involve handling sensitive and personal information as well as the supplying of certain technical products and services, you will require Cyber Essentials Certification.

Where do I start with getting cyber security for my business?

To get started with implementing cybersecurity for your business, conduct a risk assessment, develop a cybersecurity policy, implement technical safeguards, train employees on best practices, and establish an incident response plan. Consider consulting with cybersecurity professionals to ensure measures are tailored to your specific needs and comply with relevant regulations or industry standards. Regularly assess vulnerabilities and perform penetration testing to identify and address weaknesses in your defences.

Why have I seen cheaper quotations for a service from competitors?

There could be various reasons for receiving cheaper quotations from competitors, such as differences in scope of work, quality, pricing models, overheads, profit margins, and experience levels, among others. While lower prices may seem attractive initially, they can lead to subpar service, increased risks, or higher long-term costs due to additional charges or fees. Therefore, it's crucial to evaluate quotes based on value rather than just price alone, considering factors such as the provider's reputation, experience, quality of service, and potential risks. Additionally, being aware of bait and switch tactics can help avoid unexpected charges or fees that could result in higher overall costs.

Do we need to implement a cyber security framework

Implementing a cybersecurity framework can offer numerous benefits for organisations seeking to manage cyber risks and protect digital assets, providing a systematic approach that improves risk management, increases regulatory compliance, enhances credibility and trust, enables better incident response, and promotes continuous improvement. With various frameworks such as NIST CSF, ISO 27001, and CIS Critical Security Controls available, the choice depends on specific needs and requirements, as well as industry-specific regulations and standards. Overall, implementing a recognised cybersecurity framework is recommended to strengthen an organisation's cybersecurity posture and safeguard digital assets.

What is a SOC?

A Security Operations Centre (SOC) is a centralised team formed of cyber security professionals tasked with the responsibility of monitoring, triaging, investigating and then resolving security incidents as they appear throughout your network.

Implementing seems a major dedication for our business, what is the best way to get commitment?

Implementing cybersecurity measures can seem like a significant commitment for your business, but obtaining buy-in and commitment from stakeholders is essential to ensuring long-term success. To achieve this, build a strong business case that highlights the benefits of implementing cybersecurity measures and the potential costs of not acting. Engage with key stakeholders early and often throughout the implementation process, providing training and education to help build understanding and promote buy-in. Emphasise the risks of non-compliance and celebrate successes and milestones to build momentum and commitment. Finally, communicate regularly and transparently, fostering a culture of cybersecurity throughout the organisation to ensure long-term engagement and success.

What is NCSC verified?

The National Cyber Security Centre (NCSC) in the UK offers a verification scheme to help organisations demonstrate their commitment to cybersecurity best practices. There are three levels of verification under the NCSC scheme: Cyber Essentials, Cyber Essentials Plus, and IASME. Achieving NCSC verification indicates that an organisation has met certain cybersecurity standards, including implementing technical measures, managing risks effectively, and providing adequate training and education for staff. By obtaining NCSC verification, organisations can build trust with customers and stakeholders, demonstrate their commitment to cybersecurity best practices, and ensure appropriate steps are taken to protect data and systems.

Who are Salus?

Salus are a Cyber Security Consultancy firm based in Cheltenham offering a wide range of services from Penetration testing, governance, and assurance as well as a newly formed Security Operations Centre!

What is ISO 27001?

ISO 27001 is a certification used to demonstrate that an organisation follows international standards and best practices for information security management and can provide additional confidence to customers and suppliers.

Tailored Services to Transform Your Journey

Our services are tailored to meet your unique needs. They will accompany and enhance every step of your cyber security journey. From inception to realisation, we're committed to providing solutions that empower and transform, ensuring your path is one of progress and success. Our inclusive culture fosters a diverse pool of talents, ensuring we possess extensive skills. With high client retention rates, customers consistently return to us year after year because they feel reassurance through leveraging our services.

Here to Help
Tell Us Your Priorities!