Cyber Security Assessments

Our Cyber Security Assessments are tailored to your specific risk environment and provide an expert view of your security posture and exposure to cyber threats. The assessments cover your business processes, people and technology.

The Assessments are based on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), an internationally recognised framework that enables organisations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience.

Our Cyber Security Assessments provide a mechanism to:

  • Describe your current cyber security posture.
  • Describe your target state for cyber security.
  • Identify and prioritise opportunities for improvement within the context of a continuous and repeatable process.
  • Assess progress toward the target state.
  • Communicate among internal and external stakeholders about cyber security risk.

The NIST Framework is organised by five key Functions – Identify, Protect, Detect, Respond and Recover. These five functions, when considered together, provide a comprehensive view of the lifecycle for managing cybersecurity risk over time.

  • Identify - Develop an organisational understanding to manage cyber security risk to systems, assets, data, and capabilities.
  • Protect - Develop and implement the appropriate safeguards to ensure continued operation of your organisation.
  • Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond - Develop and implement the appropriate activities to react to a detected cybersecurity event.
  • Recover - Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event.

The bespoke nature of our Cyber Security Assessments allows us to include other security standards and frameworks such as Cyber Essentials, NCSC Cyber Assurance Framework (CAF) and ISO 27001, as well as data protection legislation (UK GDPR).

Each assessment concludes with a formal report consisting of an executive summary and a detailed list of our findings. Any identified risks are prioritised in terms of their impact on your organisation, and actionable recommendations are provided to support remediation activity.