ANSecurity’s information security practice is led by subject matter experts with over two decades of experience helping organisations both large and small across the public and private sector.
We have completed hundreds of successful projects that include high profile household names within various industries such as finance, manufacturing, healthcare, higher education and local & central government. We also hold high level technical accreditations for many leading technology vendors including Cisco, Microsoft and Palo Alto Networks to ensure that our security assessment, training and recommendations are applicable to a wide range of IT environments.
In a typical engagement, our team will come to your offices for one to two days where we will meet with your staff and work through the assessment questionnaire. Through our experience with Cyber Essentials, we can ensure that the answer to each question is an accurate representation of your environment. We will also work with you to ensure that policies and processes are being applied correctly, and help you to define those polices and processes suitable for your business if these are not already in place.
In our follow up report, we will identify projects which can be stood up to remediate any areas that aren’t compliant with the Cyber Essentials assessment. Each project within the report is linked against the specific questions in the assessment that it remediates and is scored from 1-3 against our risk and complexity matrix. In many cases, the remediation can be deployed using technologies you already have (for example with Microsoft Group Policies) – the report will highlight where this is true.
Many cyber-attacks can be thwarted through the effective implementation of key controls. The Cyber Essentials assessment verifies that these controls are in place for your organisation. The key areas of interest are:
• Perimeter and client firewalls
• Secure configuration of devices
• Control of access to data
• Malware defences
• Keeping devices and software up to date
Organisations looking to obtain the higher level Cyber Essentials Plus (CE+) accreditation are subject to an onsite assessment by IASME. This assessment includes:
• Authenticated vulnerability scans
• Manual checks of software versions of installed applications
• Testing the effectiveness of the ability to block a sample of potentially malicious files
• Test emailing potentially malicious files
• Verification that any guest networks are segregated from the corporate network
For organisations that are simply interested in having the questions completed, the work takes a single day which we carry out with you on site. We typically aim to combine this onsite day with a firewall health check or similar review. For organisations looking to take it to the next level, we conduct a one or two day on site readiness assessment which is used to compile a comprehensive report. Following delivery of the report, we also schedule a telephone call to answer any questions.