Security Review

Security Review

With ever evolving threats and in a world of point products and ‘silver bullets’, it can prove challenging to work out priorities and chart a course through the minefield of IT security. Our Security Review service exists to work out the right course for your organisation with a vendor-agnostic approach that maps to your organisations risk levels and ambitions.

Why do I need a security review?

  • You know you need to do ‘more security’ but don’t know where to start
  • You are looking to take a holistic approach to security instead of focusing on point products or silver bullets
  • You want to arrange a penetration test but want to make sure you get value for money by increasing defences ahead of a test
  • The unthinkable has happened and you need to identify areas for improvement fast.


When should I have a security review?

Most organisations will carry out a detailed security review every 2-3 years with interim updates to track progress every year.


What will you do?

When on-site we will conduct interviews with your staff to establish your organisations cyber-security maturity in key areas.

Additionally, we will perform network vulnerability scans against infrastructure and a representative sample of your end-user-devices to check compliance with vulnerability management and secure configuration standards.

Where required we can tailor our services to meet your specific needs; for example, meeting and exceeding the requirements of security accreditations like the NCSCs Cyber Essentials Programme. The review will be carried out by a certified security consultant with extensive experience. Security reviews are made of an on-site data capture phase and an off-site report writing phase. While on-site we will need a space to perform interviews with the relevant members of staff and suitable network access for our laptop running vulnerability scanning software.


What will you get?

Once complete, you will receive a report and supporting documents via our file transfer service. The report provides:

  • An executive summary with an overview of key strengths and weaknesses alongside an example of how a successful cyber-attack might impact your organisation
  • Your responses for the CIS Critical Security Controls
  • Your 3-year plan for cyber security success which makes specific recommendations on the technologies and practices to adopt to detect and prevent successful cyber-attacks.
  • The supporting document include:
  • A completed MITRE ATT&CK matrix which shows where your organisation has protections against the techniques and tactics threat actors are known to use in cyber-attacks. The results of authenticated and un-authenticated vulnerability scans against your infrastructure and a representative sample of your end-user-devices
  • The results of automated policy and configuration checks.

Following the delivery of your report, your assigned consultant will present the findings to you; often we see organisations have already begun to implement improvements or ‘quick wins’ based upon the conversations during the on-site phase. Following this presentation and at an agreed upon time we’ll hold a further follow up call to answer any outstanding questions you might have and establish the next steps.

Security Review