Information & Cyber Security Assessment

Knowing where to start with information security can be challenging. If you don’t have specialists in-house, it can be difficult to know whether you have good baseline security practices and controls in place and whether there are threats or vulnerabilities that you haven’t addressed.

Our security assessment services can help you understand whether your security posture is sufficient. We can help you identify and understand your information security risks, pinpoint areas for improvement and provide recommendations to follow. Because no two organisations are the same, we tailor every assessment to the client’s specific objectives. Common standards or guidance we use to assess an organisation’s security posture are as follows:

  • NCSC Cyber Essentials Scheme (available here)
  • NCSC 10 Steps to Cyber Security Guidance (available here)
  • NCSC Cloud Security Principles Guidance (available here)
  • NCSC & ICO GDPR Security Outcomes Guidance (available here)
  • ISO 27001:2013 and ISO 27002 (more information here)
  • NIST Cyber Security Framework (available here)
  • SAFECode Fundamental Practices for Secure Software Development Guidance (available here)

Our Methodology

Preparation

Before starting an assessment, we carry out a scoping exercise with you, during which we’ll discuss and agree the scope of the engagement and the standard or guidance against which to compare your security posture and security working practices. We’ll also discuss and agree the number of consultancy days required to deliver the service. The number of days will depend on the type and scope of the assessment and your objectives.

Specialist Expertise

A specialist information security consultant will scope and lead the engagement. The consultant will be supported by other specialists where appropriate (such as data protection specialists).

At the outset we gather information about your organisation. This is important to understanding the nature and sensitivity of the information assets you hold, the information systems you use, the regulatory environment in which you operate and the potential impact of a security incident on your organisation. During the assessment, our consultant will gather information from your stakeholders in a variety of ways, depending on the size, locations and nature of your organisation.

Detailed Report & Debrief

Once we have the required information, we’ll create and provide you with a written report setting out our consultant’s findings and prioritised recommendations. We measure your current state using our maturity model. We also arrange a post-report review meeting with you, at which we’ll present our findings, answer any questions you have and discuss next steps.

Ongoing support

Following your security assessment, we can support you to remediate the issues identified by our consultant. Our specialists can help prepare and manage an ongoing ‘get well’ programme of activities, assist with strategy and help with ongoing privacy programme management. We can also schedule follow-up assessments to help you track improvements in your security posture over time.

Need a Security Assessment?

Please get in touch. You can call us or request a call back using our contact form. We’d love to talk with you and promise no hard sell.
