CS6P05 · London Metropolitan University · 22041369

Cyber Essentials
Readiness Toolkit

A structured, evidence-based framework for UK SMEs preparing for Cyber Essentials certification. Assess your gaps before the assessor does.

50

Questions

5

CE Controls

7

Templates

~80%

Threats blocked

The five control areas

Every question maps directly to an official NCSC Cyber Essentials v3.3 requirement.

01

Firewalls

10 questions

02

Secure Config

10 questions

03

Update Mgmt

10 questions

04

User Access

10 questions

05

Malware

10 questions

What this toolkit does

Tanasiom Aegis translates NCSC/IASME requirements into an actionable readiness workflow for non-technical SME decision-makers.

🎯

Accurate scoring engine

Yes=2 / Partial=1 / No=0 / N/A excluded from denominator. Critical-fail detection auto-flags automatic-fail conditions before you apply.

📊

Visual results dashboard

Doughnut score ring, radar chart across all 5 controls, per-control bar breakdown, and a full CRITICAL/HIGH/MEDIUM gap list with remediation actions.

📄

Downloadable templates

7 policy documents and implementation guides — Password Policy, MFA Guide, Patch Procedure, User Access Matrix, Incident Response, Firewall Rules, and Scope Definition.

Repository overview

This project is hosted at github.com/ddt-Tanasie and contains four structured folders:

📁

01_Documentation

Proposal, interim report, literature review, wireframes, references

📁

02_Toolkit

Assessment questionnaire, gap report, evidence pack, guidance documents

📁

03_Dashboard_Prototype

This interactive web dashboard (you are here)

📁

04_Evaluation

TechStart case study, before/after results, testing evidence

What to expect from the assessment

50 questions across the 5 CE control areas — roughly 15–20 minutes
Each question explains the NCSC requirement in plain English with a practical hint
6 critical questions flag automatic-fail conditions (MFA, 14-day patches, admin accounts, etc.)
Results include overall %, per-control breakdown, radar chart, and prioritised gap list
Export a plain-text gap report with your student ID embedded for submission evidence

Dumitru Tanasie · 22041369 · dut0032@my.londonmet.ac.uk
BSc Computer Networking & Cyber Security · London Metropolitan University · Supervisor: Dr Subeksha Shrestha
Module: CS6P05 Final Year Project · Academic Year 2025–26
Tanasiom Aegis is a pre-certification readiness tool. It does not replace formal IASME/NCSC certification assessors.

Firewalls

1 / 50

Assessment complete

—%

—

Control area scores

Readiness radar

Gap analysis & remediation roadmap

Templates & guidance documents

Policy documents and implementation guides aligned with the five CE control areas. All mapped to your repository's 02_Toolkit folder.

Repository browser

ddt-Tanasie / Tanasiom-Aegis-CE-Readiness-Framework · MIT License · 46 commits

📁 01_Documentation Reports · Literature review · Wireframes ▶

📄Project_Proposal_22041369.pdfPDF

📄Interim_Report_22041369.docxDOCX

📄Literature_Review_Notes.mdMD

📄Source_1_NCSC_2026_Extraction.mdMD

📄Source_2_IASME_2025_Extraction.mdMD

📄Project_Justification.mdMD

🖼Wireframes_Dashboard_v1.pngPNG

📊Evidence_Table.xlsxXLSX

📁 02_Toolkit Assessment questionnaire · Gap report · Guidance docs ▶

📋Initial_Assessment_Questionnaire.docxDOCX — 50 questions across 5 CE controls

📊Gap_Assessment_Report_Template.docxDOCX — Prioritised gap + remediation roadmap

📊Scoring_Matrix.xlsxXLSX — Yes/Partial/No/N/A scoring by control

📄Firewall_Configuration_Guide.pdfPDF — CE Control 1 implementation

📄MFA_Implementation_Guide.pdfPDF — Mandatory for cloud services

📄Patch_Management_Procedure.pdfPDF — 14-day rule enforcement

📊Patch_Tracking_Template.xlsxXLSX — Track patch dates vs CVSS scores

📄Password_Policy_v1.docxDOCX — NCSC-aligned password policy

📊User_Access_Control_Matrix.xlsxXLSX — All accounts, types, MFA status

📄Incident_Response_Policy.docxDOCX — Malware / breach response procedure

📄Scope_Definition_Template.docxDOCX — CE scope boundary document

📄Monitoring_Review_Checklist.docxDOCX — Ongoing CE compliance checklist

📁 03_Dashboard_Prototype Web app · This interactive dashboard ▶

🌐index.htmlHTML — You are here (GitHub Pages entry point)

📄README.mdMD — Deployment and usage guide

📁 04_Evaluation Case study · Before/after results · Testing evidence ▶

📄Simulated_SME_Profile_TechStart.docxDOCX — TechStart Solutions Ltd profile

📊Baseline_Assessment_Results.xlsxXLSX — Pre-toolkit: 42% overall score

📊Post_Toolkit_Assessment_Results.xlsxXLSX — Post-toolkit: 92% overall score

📄Evaluation_Narrative.docxDOCX — Chapter 5 write-up

📄Testing_Plan.docxDOCX — Test cases and expected outcomes

📄 Root files README · LICENSE · .gitignore ▶

📄README.mdMD — Repository overview and setup guide

📄LICENSEMIT License

📄.gitignoreStandard Node / Python ignores

Project information

Student

Dumitru Tanasie · 22041369
dut0032@my.londonmet.ac.uk
BSc Computer Networking & Cyber Security
London Metropolitan University

Module & supervisor

CS6P05 Final Year Project
Supervisor: Dr Subeksha Shrestha
Academic Year: 2025–26
Submission deadline: 31 March 2026

Evaluation results

Simulated SME: TechStart Solutions Ltd
Baseline readiness: 42% (Not Ready)
Post-toolkit: 92% (Ready)
Improvement: +50 percentage points

Key references

National Cyber Security Centre (2026) Cyber Essentials: Requirements for IT Infrastructure v3.3. London: UK Government.
IASME Consortium (2025) Cyber Essentials Certification. Available at: https://iasme.co.uk/cyber-essentials/
IASME Consortium (2025) Cyber Essentials Plus Test Specification v3.2. Malvern: IASME Consortium Ltd.
Beazley (2023) Cyber Risk for Small and Medium Enterprises. London: Beazley Group.
IDC (2023) SME Security Challenges and Technology Adoption Survey. Framingham, MA: IDC.
IACIS (2024) Cybercrime Impact and Trends Affecting Small Organisations. IACIS.
NIST (2024) NIST Cybersecurity Framework 2.0. Gaithersburg, MD: NIST.
BCS (2023) Code of Conduct. Available at: https://www.bcs.org
Hevner et al. (2004) 'Design science in information systems research', MIS Quarterly, 28(1), pp.75–105.
Von Solms & Van Niekerk (2013) 'From information security to cyber security', Computers & Security, 38, pp.97–102.

Cyber EssentialsReadiness Toolkit

The five control areas

What this toolkit does

Repository overview

What to expect from the assessment

Control area scores

Readiness radar

Gap analysis & remediation roadmap

Templates & guidance documents

Repository browser

Project information

Key references

Cyber Essentials
Readiness Toolkit