CYBERSECURITY ASSESSMENT

LRQA Nettitude’s cybersecurity assessment services help you identify and understand potential security weaknesses that leave your organisation at greater risk from threats such as ransomware and data breaches.

Based on industry-standard good practices and guidelines such as the NIST Cybersecurity Framework and NCSC 10 Steps to Cybersecurity, our review will help identify technical and procedural vulnerabilities, and provide you with clear recommendations to address any gaps and reduce your overall risk levels.

Our experienced consultants work alongside your teams to get a real-world view of your security posture, focusing on your actual working practices through a ‘show and tell’ approach that goes well beyond tick-box auditing. Findings are presented in a clear and actionable format that will help you:

  • Understand your current position and the vulnerabilities in your environment
  • Get better visibility of your maturity through the snapshot view provided in an executive report
  • Gain a comprehensive understanding of areas for improvement via a detailed technical breakdown
  • Make strategic decisions and support the creation of an improvement plan
  • Identify tactical recommendations that help you to address any urgent issues and quickly reduce risk

Cybersecurity Assessment Process

A cybersecurity assessment can be delivered remotely or from your offices and can be tailored depending on your specific circumstances and objectives.

Project Initiation, scope identification, and planning
• Introduction to our team
• Create agenda for assessment
• Identify key resources, systems, data and assets

Conduct analysis
• Review documented policies and diagrams
• Conduct interviews with key personnel
• Technical and process observations

Reporting
• Executive summary providing high-level findings and recommendations
• Detailed findings with specific notes and actions

Debrief
• Consultant-led debrief session
• Review findings and what they mean for your organisation
• Discuss recommended next steps

Types Of Cybersecurity Assessment

LRQA Nettitude’s cybersecurity assessment services can be tailored to suit organisations of different sizes, and with differing concerns, priorities, and budgets.

NCSC 10 Steps Assessment
• Aligned to the NCSC’s 10 Steps to Cybersecurity
• Typically takes 3-5 days to complete
• Findings reported on a red-amber-green basis
• Identifies good practices as well as medium and high-risk findings
• Focuses on current implementations and working practices
• Details possible quick wins and recommendations for improvement

NIST Cybersecurity Maturity Assessment
• Based on the NIST Cybersecurity Framework (NIST CSF)
• Provides recommendations to develop your cybersecurity strategy and mature your capabilities to help manage and reduce risk
• Analyses capability maturity across all five NIST CSF functions (Identify, Protect, Detect, Respond and Recover)
• Considers implementation (what you do) and policy (what you say you do) maturity
• Identifies high-risk areas where prioritised attention is required
• Feeds into the creation of an improvement plan and development of your cybersecurity strategy

Our Cybersecurity Assessment Methodology

The areas covered as standard by each of our cybersecurity assessment services are listed below. Assessments can be tailored to meet specific requirements and expanded to include, or focus on, areas not listed.

Comparison of NCSC 10 Steps and NIST CSF Maturity Analysis

NCSC 10 Steps Cybersecurity Assessment

• Risk management
• Identity and access management
• Engagement and training
• Data security
• Asset management
• Logging and monitoring
• Architecture and configuration
• Incident management
• Vulnerability management
• Supply chain security

NIST CSF Maturity Assessment

Identify
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
• Supply Chain Risk Management

Protect
• Identity Management, Authentication and Access Control
• Awareness and Training
• Data Security
• Information Protection Processes and Procedures
• Maintenance
• Protective Technology

Detect
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes

Respond
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements

Methodology – NIST CSF Maturity Assessment

1. Project Initiation, scope identification, and planning

• Introduction to LRQA Nettitude delivery team
• Confirm priorities and scope for the analysis
• NIST Cybersecurity Framework overview
• Maturity level overview
• Discuss your objectives and any specific areas of concern
• Create a project plan and agendas
• Identify relevant resources, systems, data, assets
• Define target maturity levels

2. Conduct analysis

Maturity review aligned to the five NIST CSF functions:

Identify: Establish a baseline understanding of the assets you are trying to protect; controls cannot be applied consistently to assets that have not been identified
Protect: Implement appropriate safeguards that protect those assets
Detect: Your ability to detect cybersecurity incidents plays a crucial role in minimising their potential impact on your organisation
Respond: The impact of cybersecurity incidents can be reduced by responding efficiently once they are detected. Timely responses minimise the impact on operations, as well as limiting financial and reputational damage
Recover: Your organisation must be able to promptly recover and restore to business as usual

• Review of written policies
• Interviews with key personnel
• Technical and process observations
• Review of evidence to understand the current position

3. Reporting

• An executive summary report providing an overview of the analysis process, recommendations, and suggested next steps
• Your current position against the NIST CSF, expressed using a maturity model, alongside the target maturity levels agreed at project initiation
• Detailed findings for each NIST CSF category, with notes from our consultant, which can be used to track progress
• Notable findings highlighted where high-priority tactical changes are recommended to reduce risk

4. Debrief

• Consultant-led debrief session and Q&A
• Review the findings of the analysis, recognising good practice and areas for improvement
• Understand the findings and what they mean for your organisation
• Discuss recommended next steps
Methodology – NCSC 10 Steps Cybersecurity Assessment

1. Project Initiation, scope identification, and planning

• Introduction to LRQA Nettitude delivery team
• Confirm priorities and scope for the analysis
• Share agendas identifying the resources required

2. Conduct analysis

• Review against the 10 Steps requirements and any other optional areas agreed
• Interviews with key personnel
• Technical and process observations

3. Reporting

• Report including an executive summary
• Overview of the analysis process, recommendations, and suggested next steps
• Identifies your current position against the NCSC 10 Steps using a red/amber/green rating
• Detailed findings provided along with remediation recommendations
• Notable findings highlighted where high-priority tactical changes are recommended to reduce risk

4. Debrief

• Telephone debrief session
• Discuss the findings of the analysis and answer any follow-up questions
• Discuss recommended next steps