Cyber Security Assessment by Surreytech consulting
Our Cyber Security Assessment Service has been specifically tailored for a business to rapidly assess their ability to identify, protect and defend their critical information against the most common forms of Cyber Attacks, helping to achieve a measurable reduction in risk.
Optionally, the Cyber Security Assessment can also include a security penetration test of your external and internal infrastructure, identifying technical vulnerabilities and weaknesses within your IT and Business Systems.
Led by our certified Cyber Security Consultants, our Cyber Security Assessment provides a structured on-site assessment of 10 key risk areas across your business covering people, process, technologies and procedures. This assessment has been created fully in line with the NCSC 10 Steps to Cyber Security, and is aligned to ISO27001.
The outcome of the Cyber Security Assessment will provide your organisation with a board-level report on the Cyber Risks facing your organisation, a prioritised list of remediation actions, and a fully costed remediation plan & roadmap to move your organisation to a more acceptable level of risk.
- Provides your business with a snapshot of your key Cyber Security Risks
- Identifies areas requiring immediate attention, and cost-effective remediation solutions, in prioritised terms
- Provides a measure of Cyber Security Control maturity within your business as recommended by NCSC
- Assists with Cyber Security cost forecasting, and budget justification
Step 1: Pre-Assessment Phase (Off-Site)
- Meeting with key staff members
- Walkthrough of engagement activities, and agree roles.
- Identify all required documentation to support
- Walkthrough of existing Information Security Policy (If Applicable)
- Walkthrough of existing Network Diagram
Step 2: Cyber Security Risk Assessment (On-Site)
- Identify the key Cyber Risks to your business
- Identify key digital assets, including Personally Identifiable Information (PII)
- Identify the key relevant cyber risks to the critical digital assets
- Identify your organisational appetite for risk on a scale (Risk Averse vs Risk Seeking)
- Identify the key Legal, Regulatory and Contractual obligations such as FCA, DPA etc
Step 3: Cyber Security Controls Assessment (On-Site)
- Perform an on-site review of controls covering the following 10 key areas of risk, in line with the NCSC 10 Steps to Cyber Security.
- Information Risk Management Regime
- Secure Configuration
- Network Security
- Managing User Privileges
- User Education and Awareness
- Incident Management
- Malware Prevention
- Removable Media Controls
- Home and Mobile Working
Step 4: Reporting (Off-Site)
- Preparation of Cybersecurity Health Check Report
Step 5: Stakeholder Review and Future Planning (Off-Site)
- Workshop or meeting walkthrough of findings with key stakeholders/team leaders.
- Define a vendor-neutral plan outlining the tactical and strategic changes required to improve Cyber Risk posture.
This work will vary, from making internal changes, through assisting with and managing the changes, to recommending assistance from specific 3rd Party vendors.
- Total: 3-5 days
- Onsite: 1-3 days
- Remote: 1-2 days
- Cyber Security Assessment Executive Summary Report – high-level summary, overall Cyber Risk Status, identification of any critical issues and exposures, and a prioritised set of recommendations required to align with agreed business risk appetite.
- Cyber Security Controls Analysis – (In Place, Partially In Place, Not In Place, Risk Exposure)
- Strategic Remediation Actions – Detailed set of recommendations, and options for remediation.
- Remediation Project Plan – High-level plan identifying the tasks, resources and proposed timeframes required to immediately reduce any identified exposures, and any strategic items identified above.