Protecting your business data, identity and reputation from cyber-attacks has never been more important than it is today.
Our dedicated cyber security and organisation maturity assessments draw on more than 20 years of experience in IT security. Packaged and delivered to your executive team for a fully independent review of IT, security, cyber and business processes, they are the most comprehensive way to assess what you are doing well and where we can help you to add further security and protection.
Free Cyber Security Assessment
Why not take advantage of our free Cyber Security Assessment? This no-obligation assessment is designed to give you an overview of your current cyber security levels, along with expert recommendations and advice to help you take the next steps. This assessment is conducted hassle-free via two online conference calls and a short questionnaire – an ideal way to kick-start your cyber security strategy. Please get in touch with us via our contact form or email email@example.com to book an assessment.
Organisational Maturity Assessments
As an organisation grows and departments expand, technologies, security, and processes change. It is important to understand how technology is used within the workplace and to know whether all departments understand their responsibilities. This type of assessment can help identify how aware each section of the company is of cyber security, data security, data classification, data leakage, supplier management, workforce management or training, how this is administered, and whether there are training gaps within a department. This assessment focuses on 10 core domains under the Cyber Security Capability Maturity Model (C2M2):
- Risk management
- Asset, change and configuration management
- Identity and access management
- Threat and vulnerability management
- Situational awareness
- Information sharing and communication
- Event and incident management, continuity of operations
- Supply chain and external dependencies management
- Workforce management
- Cyber security programme management
How it works
We conduct an informal interview-based session looking at policy owners, the people who carry out those policies and the senior management who agree and sign off the policies. The report follows the C2M2, which is a standard framework and methodology that assesses an organisation’s approach to cyber security. The outputs of the assessment provide a valuable foundation if you are considering adopting one of the many formal information security standards such as ISO 27001 or the NIST Cybersecurity Framework, as the content of C2M2 correlates well with these other standards.
Free Security Scan
We offer a full public domain scan of your domain, resulting in a free report that gives you a high-level overview of what public information is available both on the internet and on the dark web, including some information on your public websites. This is a light-touch security assessment and is often quite revealing.
Public discovery testing is performed to collect publicly available personal and/or sensitive data about the company. This information is usually accessible to every internet user. Such information is then tested with the possibility of data theft in mind. Simple and quick, this activity exposes basic security risks that your organisation may be open to.
Get in touch via our contact form or email us on firstname.lastname@example.org to ask us about our security scans.
Vulnerability and Security Testing
We can also carry out vulnerability and penetration testing, including web application testing, for all your internal and external infrastructure and applications. In an ever-changing world of security challenges, having your solutions tested and assessed on a regular basis is key to maintaining your systems and protecting your business data.
We can offer this as a managed service monthly, quarterly or yearly and, if required, on a per-project basis. We produce a comprehensive public discovery report (PDR), full assessment report and executive summary for management teams. These assessments are then listed in order of priority, highlighting risks and exposure to evolving threats.
Uncovering vulnerability gaps in security and the need for training is so important. We can help ensure that the information produced by these assessments is easy to understand, and we can help with executing and planning new solutions.
Discover, identify, and classify the vulnerabilities and security weaknesses in your organisation’s computer, network, or communications infrastructure. Vulnerability assessment provides an insight into your organisation’s current state of security, and the effectiveness of any countermeasures in place.
This is a crucial test and is automatically included on all our assessments.
This service tests the security controls of your organisation by simulating an attack which a hacker might undertake to exploit the weaknesses in your network and applications. We identify the external and internal vulnerabilities which would give access to the critical assets of the organisation.
In addition, we validate the configurations of your IT assets, produce a list of known vulnerabilities present in the systems and applications, and mitigate them before they are exploited by adversaries.
We also simulate a real hacking event to test the strength of existing security defences and countermeasures.
Web Application Testing
Also referred to as web application vulnerability scanning, this is an automatic security program that searches for software vulnerabilities within web applications. The software first crawls and builds a software construct of the entire website. This gives the scanner an insight into the application; it then performs an automatic audit for common security vulnerabilities by launching a series of web attacks. The consultants then manually verify these security vulnerabilities.
- Identifies security vulnerabilities and issues that exist in the customer’s website using a vulnerability scanner.
- Issues identified by the vulnerability scanner are manually inspected and reported.
- External web application scanning is performed remotely against your organisation’s public website(s). Our consultants configure the vulnerability scanner to scan the web application and the identified vulnerabilities are verified manually.
Corporate Risk Management
Risk management is important in any organisation because without it a firm cannot possibly define its objectives for the future.
We understand the goal of risk management is to make sure that the company only takes the risks that will help it achieve its primary objectives while keeping all other risks under control, governed, and documented.
We assist with designing, building, and running a corporate risk management framework, risk registers and risk assessments – we can come in and hit the ground running to keep your business moving forward.
Having a robust and tested business continuity plan is not only good practice; it proves to your customers and suppliers that you are a mature and proactive business. We can review your plans and procedures, expand them where appropriate and arrange for testing or put a strategy in place to ensure your organisation builds and maintains its continuity plans on an ongoing basis.
Virtual Security Officer
Employing dedicated security teams and security officers is costly. That’s why we support SMEs and growing businesses with our Virtual Security Officer (or vCSO) service, providing you with a dedicated professional to act as your security team and take care of your IT and data security activities.
We offer remote and on-site training for your IT teams and business staff. This training is designed specifically for your needs, and covers cyber security topics, industry trends and different attack vectors. We recommend that these sessions are conducted annually to ensure your people are up to date. Training can also be offered as part of your standard induction process.
Recent additions to these courses include topics for distributed workforces, working from home and protecting corporate assets in this new post-pandemic era.