Our assessment framework is based on the guidance provided by the NCSC’s Small Business Guide and 10 Steps to Cyber Security. In addition, we have taken the best practices from the ICT industry as well as the requirements of Cyber Essentials to form 2 levels of assessment that will depend on your risk appetite, give you the confidence to know how vulnerable your business is.
In either case, a set of pre-assessment questions will be asked followed by further details examinations of the systems and infrastructure.
Additionally, we install our Threat Analyser unit that is specifically configured to simply monitor the inbound and outbound traffic of the network. The resulting report will include threats, botnets, vulnerabilities, as well as user activity in terms of what websites and applications users are accessing.
The Basic Assessment is designed to fulfil the NCSC Small Business Guide topics, as well as additional points we feel, are required. It gives businesses a clear understanding of their defence against Cyber Attacks.
The Full Assessment is fundamental in preparing a business for accreditation for the following standards; Cyber Essential, Cyber Essentials Plus, ISO/IEC 27001, Payment Card Industry (PCI DSS) and General Data Protection Regulation (GDPR). Both the Basic and the Full assessments are is broken down into the NCSC’s 10 Steps to Cyber Security.
The findings will enable you to balance the risk to the business of potential loss or harm related to IT and show where changes and improvements need to be implemented to mitigate these potential risks. The analysis will report the findings with “traffic Light” indications so that the most pressing items can be clearly seen and a phased plan of improvements outlined. Our approach will be pragmatic and we will be able to provide practical solutions to any required IT changes.
Once the assessment is complete, we can refer you to independent assessors will help for the policies and processes needed to ensure your business complies with the required standards demanded of the business.
It is our view that Security is a Process, not simply a Product and that every business needs to have IT Security on its radar and routinely reviewed. We know that no matter how hard we try to protect ourselves there is always a possibility that a security breach could occur. However, by reducing our exposure to threats and being harder to attack we reduce the risk significantly.