
Our Services

Cyber Risk Assessment

This more detailed assessment typically follows an initial health check and goes into much more detail about your cyber security position. The main benefit of these workshops is to speak to your business areas to discuss your cyber security exposure and to agree on an approach to fix any significant areas of weakness. The assessment typically includes the following business areas:

  

1. Directors and senior stakeholders
2. Your IT department and any IT security functions
3. Finance
4. HR
5. Compliance and audit
6. Business users (often a sample)


Asset identification: what are your so-called Crown Jewels – the data assets that are key to your business? Where are they stored and how are they used?


Impact of a security incident: should there be a confidentiality breach, an unauthorised change or a denial of access, what would be the impact on your business? (Confidentiality, integrity and availability – or CIA – are the cornerstones of data security.)


Controls assessment: how are these assets protected from a breach? Are these controls effective, are they monitored, and do they cover all assets? These will initially be covered at a high level, following the control areas described below.


Threat assessment: which parties are likely to attempt to compromise your assets (whether intentionally or not), how might they do this, and how motivated would they be to do so?


Risk assessment: factor all of the above areas into a single view of your cyber risk posture. A set of risks will be identified and, for each, the likelihood of the risk materialising and the business impact if it does.


Risk remediation: work with the business to agree on a set of tasks to reduce these risks to an acceptable level. Security controls typically have a cost – both financial and in operational impact – so it is essential to agree on the ‘sweet spot’ where risk is reduced to an acceptable level without breaking the bank.

Security teaming and CISO as a service

Security teaming and CISO-as-a-Service provides organisations with on-demand access to technical and senior cyber security resources without the cost and commitment of hiring these full-time. It allows companies to flex their security team as required, and the CISO-as-a-Service element provides an experienced CISO as a focal point for cyber security within your organisation, offering expert guidance across cyber security topics as required. The service can be delivered flexibly—part-time, project-based, or as an ongoing virtual CISO function—depending on business needs.


The CISO can also act as an experienced point of contact for liaising with regulatory and legal organisations as required.

Cyber remediation oversight and delivery

Cyber security controls, such as server hardening, data loss prevention rules and firewall configuration, can be fairly complex and esoteric in nature. We therefore offer a team of experts to help you navigate this area, to get you to the right place and to translate these cyber security controls into commonly understandable business language. Typical areas include:


  • Server and operating system hardening
  • Firewall rule definition
  • Monitoring and alerting tuning
  • Phishing and other user testing
  • User access review procedures

Monitoring, reporting and Continuous improvement

"I have no known security weaknesses"

declared one happy CISO (Chief Information Security Officer) when I met with him some years ago. Of course, anybody who believes they do not have any weakness is somewhat deluded, but the main issue is that in most cases it is due to them not looking hard enough for them.


Our cyber security monitoring, MI and continuous improvement service helps you gather and report on the right information to know whether your security controls are actually doing their job, and to communicate what it means if they are not. The final step is, of course, to assist you in making changes to reduce the alerts or similar issues you are encountering (there is no point identifying issues and not addressing them).


The work typically includes the following:

  

  • Cyber KPIs (key performance indicators – data showing how secure you are) and dashboards (graphical representations of these KPIs for ease of assimilation)
  • Trend and risk reporting – is it getting worse or better, and is this normal for a company such as ours?
  • Maturity assessments – how effective are our controls, and how can we improve them (both in terms of making them more effective and more efficient to operate)?
  • Improvement planning and tracking

User Education and Awareness

Your staff are your primary cyber protection

  

Most people think of cyber security as a technology issue, but your users are your most critical protection against a cyber security incident; they can also be your biggest vulnerability to such an attack. This service endeavours to move them from the latter to the former using training, presentations and practical assessments as required. This service includes:


  • Security training sessions
  • Phishing simulations
  • Role-based guidance
  • Behaviour improvement tracking

Red teaming

The challenge with typical penetration testing techniques is that they often focus on a specific (and often narrowly defined) target for the test, typically a single website or business area. Unfortunately, your adversaries don’t tend to play by the rules: they will use any method of entry available, and typically the easiest way in (why bother trying a more difficult route?). This is why our badge includes a chain as, and please excuse the cliché, you are only as strong as your weakest link.

Adversarial threats have evolved recently to attempt all available access routes into an organisation, as opposed to the standard network attack. Why go through the hassle of a network attack if you can simply obtain a user account to log in with?


Red teaming is a modern method of cyber security testing which tries all routes into your company to simulate how an attacker would approach it. Note that some attackers may spend a significant amount of time, effort and possibly money, so a tenacious attacker using modern attack techniques and vectors (typically referred to as an APT – advanced persistent threat) may still gain access eventually; this assessment will ensure that your company is not an easy target for such an attack. This test typically includes:

  

  • Standard network protection
  • Physical access control
  • Remote user access (via laptops or personal PCs)
  • Third parties
  • Social media and personal footprinting
  • Weak passwords and multi-factor authentication usage


Cyber Security Resiliency

The best time to deal with an incident is 6 months before it occurs

Despite all of your best efforts, 100% security is impractical if you want your business to operate in a meaningful and realistic way. Cyber security controls can only get you so far, so you also need to plan and be ready for the worst: what do we do if and when we are attacked? Scary as this is, you can prepare for such an attack to minimise the business impact should it occur.

  

Planning and testing will get you a long way towards being resilient to such an attack. The main defence mechanism you have is to BACK UP YOUR DATA SECURELY, and of course to check that you can recover your systems from these backups. Our experience tells us that once an attacker gets onto a network they attempt to find online backups and either destroy them or render them unusable (typically by encrypting them) so that any ransomware attack is effective. We advocate some form of physical or offline backup (weekly) to mitigate this risk.


In addition, we can assist you with checking that your backups are effective and that recovery from them gives you an acceptable level of data and service loss. Although we try to avoid excessive acronyms, we find that the use of RTO (recovery time objective – how quickly your systems should be back up) and RPO (recovery point objective – the acceptable level of data loss following an incident and recovery from backups) is really useful in ensuring that the correct level of backup and resiliency exists for your needs. There is almost always a trade-off between cost, service overheads and RTO and RPO.
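As an added illustration of the RPO and offline-backup points above (example code written for this page, not a tool the consultancy provides), the following script checks a constructed backup catalogue against an RPO and a maximum offline-copy age, and also reports the data loss you would suffer in the scenario the page describes, where every online backup has been destroyed and only offline copies remain. The catalogue format, timestamps and thresholds are all assumptions.

```python
from datetime import datetime

# Constructed sample backup catalogue (not real data): ISO timestamp of completion,
# "online" (reachable from the network) or "offline" (disconnected/immutable copy),
# and whether a restore from that backup has been tested successfully.
SAMPLE_BACKUPS = [
    ("2024-03-01T02:00:00", "online", True),
    ("2024-03-02T02:00:00", "online", True),
    ("2024-03-03T02:00:00", "offline", True),
    ("2024-03-04T02:00:00", "online", False),   # restore test failed: do not count it
    ("2024-03-05T02:00:00", "online", True),
]

def _hours_between(later, earlier):
    return (later - earlier).total_seconds() / 3600

def assess_backups(backups, now, rpo_hours, offline_max_age_hours):
    """Compare a backup catalogue against an RPO (hours) and an offline-copy age limit.

    Only backups with a verified restore count. Two data-loss figures are produced:
    'data_loss_hours' for a plain restore from the newest usable copy, and
    'offline_loss_hours' for the scenario in which every online copy has been
    destroyed or encrypted and only offline copies remain.
    """
    now = datetime.fromisoformat(now)
    usable = [(datetime.fromisoformat(t), kind) for t, kind, ok in backups if ok]
    result = {"rpo_met": False, "offline_copy_met": False,
              "data_loss_hours": None, "offline_loss_hours": None}
    if not usable:
        return result  # nothing restorable at all
    newest = max(t for t, _ in usable)
    result["data_loss_hours"] = _hours_between(now, newest)
    result["rpo_met"] = result["data_loss_hours"] <= rpo_hours
    offline = [t for t, kind in usable if kind == "offline"]
    if offline:
        result["offline_loss_hours"] = _hours_between(now, max(offline))
        result["offline_copy_met"] = result["offline_loss_hours"] <= offline_max_age_hours
    return result

if __name__ == "__main__":
    # Assumed incident time and thresholds: 24-hour RPO, weekly offline copy.
    print(assess_backups(SAMPLE_BACKUPS, "2024-03-06T09:00:00", 24, 7 * 24))
```

With the sample catalogue, the 24-hour RPO is missed (the newest verified backup is 31 hours old) while the weekly offline copy requirement is met, but a ransomware scenario that wipes the online copies would cost 79 hours of data.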


Incident management is also a major consideration in this space. This covers how we know we have an incident and what we do about it in a timely manner to reduce its impact. It is useful to run through likely scenarios (typically occurring at 3 am on a bank holiday Monday) and how they should be dealt with. We advocate a set of printed and readily available process documents to use if needed, along with dry-running your incident response to check that it works effectively.

