Accelerated Cyber Security review and recommendations
For progressive Enterprises change is endemic and the drive to exploit benefits offered from new Cloud and Mobile technologies is inevitable.
Making data work and be easily accessible by Employees, Contractors and Suppliers is expected; but the need to protect Systems and Data is paramount. Cyber Security will have to remain a priority for the foreseeable future.
The Cyber Security architecture needed for this new digital transformation is evolving with terms such as secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), and remote browser isolation (RBI), federated identity provider (FIP) encapsulating useful sub-architectures.
We consult with the Enterprise’s CISO and their team to learn about their concerns and share our knowledge and experience to help shape plans.
We learn from the Enterprise’s C- Suite their business priorities and feedback possible architecture options that minimise cyber security risk as well as providing independent review of current systems.
Our approach comprises interviews with C-Suite personnel after a suitable confidentiality agreement is signed.
We base our investigation on the general structure outlined in UK NCSC Cyber Assessment Framework (CAF) version 3, September 2019.
This document provides guidance and tools to address the following categories: Managing Security Risk, Defending Systems against Cyber Attack, Detecting Security Events, and Minimising Impact of Security Incidents.
Our key methodology is simple: to encourage the Enterprise to define their “Data Crown Jewels” and who should have access and then to have a plan to protect them.
Outputs expected are:
- Ensure alignment to good practice and compliance of standards
- Accelerate the delivery of outcomes, documents and plans
- Give objectivity, weight and credibility to work, opinions and budgets
- Identify opportunities to reduce spend and introduce opportunities and efficiencies
- Give industry wide perspectives
Our Requirements of You
* We assume that we will be given our requested information on the current and planned IT Architecture and knowledge of the main software and hardware employed.
* We also need to be informed of the Business Strategy and relevant Business Policies with at least one short interview with the CEO.
Our Commitments to You
* Provide support throughout service delivery using our World Class Professionals and Subject Matter Experts
* Provide high quality deliverables in a timely manner and in line with agreements upon engagement with the client [Any changes to this will be mutually agreed in writing, in advance, between all involved parties
* Provide deep insights and genuine value-add in all possible areas throughout the engagement
* Provide progress updates and feedback at regular intervals, agreed in advance or at the engagement ‘kick off session’
* Respect all personal and professional development of client team members throughout the engagement
- A report describing our findings and our recommendations along with supporting evidence.
- Availability for a post report interrogation by any interested panel.
Available Service Engagement Model
Project Based Engagement
Project based engagements operate on the basis of agreeing work and any outcomes or milestones for delivery in advance of commencement of any engagement in a ‘Statement of Work’. Prices are fixed for the agreed deliverables and should changes be required, these may incur changes to delivery costs. Payment for Project Based Engagements are agreed on a case-by-case basis, giving consideration to risk, contract value, client payment history, relationship longevity and duration.
Focus In On: Responsible for Cyber Security / CISO
New Areas of Value:
Make more informed, data driven decisionsHidden
Reduce Risk of fines, theft & Reputational DamageHidden
Improved Confidence in Role or functionHidden
Enable Better Business AgilityHidden
Provide more Innovative Solutions to the BusinessHidden
Lack of Strategic Alignment across BusinessHidden
Lack of access to relevant expertiseHidden
Lack of BudgetHidden
Resistance to ChangeHidden
Inflexible Legacy Systems & ProcessesHidden