With ever evolving threats and in a world of point products and ‘silver bullets’, it can prove challenging to work out priorities and chart a course through the minefield of IT security. Our Security Review service exists to work out the right course for your organisation with a vendor-agnostic approach that maps to your organisations risk levels and ambitions.
Most organisations will carry out a detailed security review every 2-3 years with interim updates to track progress every year.
When on-site we will conduct interviews with your staff to establish your organisations cyber-security maturity in key areas.
Additionally, we will perform network vulnerability scans against infrastructure and a representative sample of your end-user-devices to check compliance with vulnerability management and secure configuration standards.
Where required we can tailor our services to meet your specific needs; for example, meeting and exceeding the requirements of security accreditations like the NCSCs Cyber Essentials Programme. The review will be carried out by a certified security consultant with extensive experience. Security reviews are made of an on-site data capture phase and an off-site report writing phase. While on-site we will need a space to perform interviews with the relevant members of staff and suitable network access for our laptop running vulnerability scanning software.
Once complete, you will receive a report and supporting documents via our file transfer service. The report provides:
Following the delivery of your report, your assigned consultant will present the findings to you; often we see organisations have already begun to implement improvements or ‘quick wins’ based upon the conversations during the on-site phase. Following this presentation and at an agreed upon time we’ll hold a further follow up call to answer any outstanding questions you might have and establish the next steps.