With the growing risk of cyber-attack, organisations of all sizes are looking to build on their existing security measures. However, in a world of jargon, limited internal resources and tight budgets, it can be difficult to build out a roadmap for success.
Our Cyber Security Posture Assessment addresses this by using a proven methodology mapped against mitigations for real-world cyber-attacks.
Many organisations struggle to know where to start with a cyber security roadmap. Although there is plenty of information in the public domain, it can be hard to judge what will provide the best protection for your environment as vendors promote competing products and services.
Our Cyber Security Posture Assessment builds on trusted frameworks from the National Cyber Security Centre’s (NCSC) Cyber Essentials programme and the Centre for Internet Security® (CIS) Controls™ to gauge the maturity of your organisation’s current security posture. With this maturity level set and based upon the size and future goals of your organisation, we can map out a prioritised list of measures, technologies and processes that can better prepare your organisation to reduce the risk of a successful cyber-attack.
During the onsite days, we carry out a discussion-based exercise while also dipping in and out of your current environment and technology to verify configurations. We also seek to understand the operation of the organisation and what part cyber security can play in enabling a high standard of service delivery. This takes the form of short interviews with the organisation’s leadership as well as a representative sample of end users.
In our follow-up report, we identify projects which can be stood up to raise the organisation’s maturity level. Each project within the report is linked to the specific aspects of the assessment that it remediates and is scored from 1 to 3 against our risk and complexity matrix. In many cases, the first of these projects will seek to strengthen the deployment of software patches or deploy a stronger password policy. Enhanced control of network traffic typically follows through the use of TLS inspection, IDS/IPS and network segmentation/segregation. These projects will not seek to meet a ‘tick box’ requirement but will instead meet the needs of the organisation and provide a real security benefit.
The duration of each engagement varies depending on the size and scope of your organisation and infrastructure. A typical engagement is three days on site with your IT team, followed by a two-day report-writing process. Following delivery of the report, we also schedule a call to answer any questions.