0333 444 0881

NCSC CERTIFIED PROFESSIONALS


The NCSC (National Cyber Security Centre) CESG Certified Professional (CCP) scheme is primarily aimed at public-sector organisations that must use government-approved cyber security professionals, and at private-sector organisations that have to provide assurance that the services they provide are secure. We offer the following CCP consultancy services:

1. Cyber Security Risk Assessment

2. Cyber Security Risk Management

3. Cyber Security Architecture

1. CYBER SECURITY RISK ASSESSMENT SERVICE

The risk assessment process identifies, analyses and evaluates risk, and ensures that the cyber security controls you choose are appropriate to the risks your organisation faces. Conducting a risk assessment can be a complicated undertaking, especially for organisations that don't know which standard to measure their efforts against. Our team of qualified cyber security advisers will provide business-driven consultation on the overall process of assessing information risk. They will offer support, guidance and advice in the following areas:

  • Identifying the assets that require protection.
  • Identifying relevant threats and weaknesses.
  • Identifying exploitable vulnerabilities.
  • Assessing the level of threat posed by threat agents.
  • Determining the business impacts of risks being realised.
  • Producing a security risk assessment.
  • Advising on a risk acceptance threshold or level of acceptance.
  • Advising on suitable control implementation.

Cyber risk assessment should be a continual activity. An enterprise security risk assessment can only give a snapshot of the risks to the information systems at a point in time, so a comprehensive assessment should be conducted at least once a year, or whenever significant changes occur to the business, the IT estate or the legal environment, to explore the risks associated with the organisation's information systems.

WHO IS THE CYBER RISK ASSESSMENT SERVICE FOR?


A risk assessment consultancy can be performed on organisations of any size (small, medium-sized and large enterprises) where the IT infrastructure includes a combination of complex legacy systems and newer operating systems whose interoperability is not always seamless. It is particularly useful to public-sector organisations such as the NHS, HMRC, MOD, MOJ, local councils and other government agencies that provide multiple services across different channels to diverse groups of users, because the interchange of personal data across different platforms requires greater vigilance and stronger methods of protection. A cyber risk assessment is an explicit requirement of the most important standards and regulations and, at the very least, is indirectly implied in others. These standards and regulations include ISO 27001 (ISMS), GDPR, PCI DSS, the NIS Directive, the HMG Security Policy Framework (SPF), 10 Steps to Cyber Security, 14 Steps to Cloud Security and the 20 Critical Controls for Cyber Defence.

OUR RISK ASSESSMENT SOFTWARE


Cyber Smart Associates' Risk Assessment Software Tool has been proven to save large amounts of time, effort and expense when tackling complex risk assessments. The tool enables consistent and speedy generation of technical risk assessment outputs that can be used to support a variety of downstream activities, including generation of risk-based security requirements, support to technical design authority options assessments for investment cases, proofs of concept, development of security-enforcing functions for new products and architectures, Privacy Impact Assessments, and ongoing changes in a product group, delivery programme or service. It streamlines the risk assessment process to deliver consistent and repeatable cyber security risk assessments every time.


HOW WE CAN HELP


Cyber Smart Associates specialises in providing best-practice action plans, consultancy services, risk assessment, risk management and compliance solutions, with a special focus on cyber resilience, data protection, cyber security and business continuity. In an increasingly punitive and privacy-focused business environment, we are committed to helping businesses protect themselves and their customers from the perpetually evolving range of cyber threats. Our deep industry expertise and pragmatic approach help our clients improve their defences and make key strategic decisions that benefit the entire business. Additionally, we are recognised under the following frameworks:

  • UK government Digital Outcomes & Services (DOS3) framework supplier.
  • Cyber Essentials certified, the UK government-backed cyber security certification scheme.


2. CYBER SECURITY RISK MANAGEMENT SERVICE

Cyber risk assessment can be defined as the identification, analysis and evaluation of cyber risks. It studies and analyses the entire IT infrastructure and identifies possible vulnerabilities at the junction of people, processes and technology, as well as vulnerabilities within the individual systems. Once the assessment has been made, the next logical step is risk management: a cyber risk management programme prioritises the identified risks in terms of their likelihood of occurrence, then makes coordinated efforts to minimise, monitor and control the impact of those risks.

Cyber Smart Associates defines cyber risk as any event that can lead to data breaches, financial loss, reputational damage or disruption of operations caused by a failure of technology systems and procedures. Risk management is an essential requirement of several of the most important information security standards and frameworks. Due to the nature and sensitivity of the business activity involved, the UK government requires compliance with these frameworks from public-sector organisations and from private-sector organisations that aim to do business with the public sector.

Some of the information security initiatives that mandate a risk management framework include:

  • ISO 27001: the international standard that sets out the specification for an information security management system (ISMS). It uses a best-practice approach to information security that encompasses people, processes and technology. The assessment and management of information security risks is at the core of ISO 27001.
  • NCSC's 10 Steps to Cyber Security: a UK government initiative of 10 practical steps that organisations can take to improve the security of their networks and the information carried on them. Defining and communicating your Board's Information Risk Management Regime is central to your organisation's overall cyber security strategy and is Step 1 of the 10 steps.
  • 20 Critical Controls for Cyber Defence: the CIS 20 Critical Security Controls are a recommended set of actions for cyber defence that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. The 20 controls (and their sub-controls) focus on various technical measures and activities. Step 4 specifically deals with risk assessment and management.
  • PCI DSS: applies to companies of any size that accept credit card payments. Protecting digital cardholder data requires adherence to all of the PCI DSS data security standards. There are 12 PCI DSS requirements that apply to "all system components included in or connected to the cardholder data environment", i.e. the "people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data". Requirements 5 and 6 deal with implementing and maintaining a vulnerability management programme, an essential part of risk management.

OUR CYBER RISK MANAGEMENT SERVICE


We will help you develop an information security risk management strategy, enabling you to take a systematic approach to risk management. This approach will reduce the risks to your information assets and protect your business from cyber threats. Our risk assessment service includes consultancy guidance and advice on developing suitable methods for managing risks in line with the international risk management standard, ISO 27005. This service will typically include the following:

  • Establishing internal and external risk context, scope and boundaries, as well as the choice of risk management framework.
  • Identifying and assessing risks in terms of their consequences to the business and the likelihood of their occurrence.
  • Establishing communication lines with stakeholders to inform them of the likelihood and consequences of identified risks, and of current risk status.
  • Establishing priorities for risk treatment and acceptance.
  • Establishing priorities to reduce the chance of risks occurring.
  • Establishing risk monitoring and risk review processes.
  • Educating stakeholders and staff about the risks to the organisation and the actions being taken to mitigate them.

WHO IS THE CYBER RISK MANAGEMENT SERVICE DESIGNED FOR?


A risk management consultancy can be performed on organisations of any size (small, medium and large enterprises) where the IT infrastructure includes a combination of complex legacy systems and newer operating systems whose interoperability is not always seamless. It is particularly useful to public-sector organisations such as the NHS, HMRC, MOD, MOJ, local councils and other government agencies that provide multiple services across different channels to diverse groups of users, because the interchange of personal data across different platforms requires greater vigilance and stronger methods of protection.


3. CYBER SECURITY ARCHITECTURE SERVICE

THE SERVICE


Our team of cyber security experts can help you develop, design and implement secure architectures across IT systems, networks and applications. Our service includes consultancy support, guidance and advice in the following areas:

  • Identifying risks that arise from existing and future solution architecture designs, and ensuring that designs mitigate the identified risks and that adequate controls are applied across the solution.
  • Selecting the appropriate security products, components and technologies to meet a security requirement.
  • Identifying and solving weaknesses and major issues in existing solutions, and proposing alternative architecture solutions.
  • Incorporating public-sector best practice and the latest architectural frameworks, standards and protocols, e.g. TOGAF (The Open Group Architecture Framework), MODAF (MoD Architecture Framework), Zachman, 10 Steps to Cyber Security and the Cloud Security Principles.
  • Ensuring compliance with the key features of relevant security architectures.
  • Applying core security technologies, e.g. access control models, encryption, authentication techniques and intrusion detection, and providing information about security vulnerabilities and the techniques for defending against them.
  • Designing and developing documented processes for maintaining the security of a system or solution throughout its full lifecycle.

HOW WE CAN HELP


With a strong background in secure systems development and DevSecOps organisations, and extensive experience of working with the private and public sectors, we are well placed to deliver the guidance and support required to meet the stringent requirements laid out by the UK government for information security and assurance. Get in touch with one of our experts today to find out how we can help you develop and implement secure architectures across your IT systems, networks and applications.


Recent Project Example

Specialist Advisors To MOD Programme

This major MOD programme involved the development of a complex bespoke system for use in a high-threat environment. Cyber Smart Associates helped the prime supplier deliver a fully compliant system, in accordance with MOD policy and technical requirements, in just under 6 months. The system subsequently achieved full accreditation, and Cyber Smart Associates was asked to support the prime supplier on another project.