What is a Cybersecurity Review?
To meet the ever-increasing range of cyber threats facing today’s businesses, a robust security infrastructure and forward-looking security processes are essential. To help build and test that infrastructure and those processes, organisations should commission a comprehensive Cybersecurity Review performed by independent, expert information security consultants.
Nettitude’s Cybersecurity Review is based on the National Cyber Security Centre (NCSC) 10 Steps framework, a nationally recognised standard for businesses to ensure the security of their infrastructure.
Does your organisation need a review?
Not every breach has a material impact; in some cases no data is lost and no services are disrupted. However, government reports show that half of the businesses that identified a data breach were impacted by it. The cost of such breaches ranges from over £3k for a small business to £22k for a large business.
Of the businesses that reported their work was impacted by a breach, many said it prevented employees from completing their day-to-day duties. Taking these figures into account, you might assume that businesses are still failing to recognise the need for cybersecurity. To some extent this is true; however, three quarters of businesses surveyed say that cybersecurity is a priority for them. Despite this, just over a third have responsibility for cyber security assigned at board level, nearly 20% never update their senior staff on cyber security, and just under 3 in 10 businesses provide their employees with security awareness training.
Whilst many businesses claim to have some of the basic cyber-essential controls in place, the frequency of breaches suggests these claims may not be entirely accurate. One likely explanation is that organisations believe their controls are in place when in reality those controls are not effective.
Benefits of a Review
A cybersecurity review, performed by a Nettitude Information Security Consultant, can help organisations gain better visibility and greater assurance that the controls and governance they have in place are effective. Some of the main benefits include:
- Evaluation of board-level awareness
- Assessment against the 10 Steps scheme
- Recommendations from our in-house certified experts for each step of the process
- Identification of quick-win areas
- Recognition of existing good practice
We’re aligned to the National Cyber Security Centre “10 Steps to Cyber Security”, and can also consider ISO27001:2013 if required (our consultants are all ISO27001 Lead Auditor certified).
About the 10 Steps to CyberSecurity Scheme
The Ten Steps scheme was developed by the National Cyber Security Centre (NCSC) and originally published in 2012. Since its release, it has been adopted by the majority of FTSE350 companies to help them address common cyber-attacks and reduce the risk to the enterprise. The NCSC believes that understanding the cyber environment and adopting an approach aligned with the 10 Steps scheme is an effective means of protecting your organisation from attacks.
What will Nettitude deliver?
Nettitude will deliver an on-site or remote assessment against the NCSC Ten Steps. An Information Security Consultant will review the organisation against each of the ten steps and produce a report detailing the findings. Recommendations will be provided wherever required.
The following is delivered as part of this service:
- On-site or remotely-delivered cybersecurity review
- Led by an Information Security Consultant
- Review of the organisation against the 10 Steps requirements and other applicable areas
The 10 Steps/Areas that will be evaluated are:
- Risk Management Regime
- Secure configuration
- Network security
- Managing user privileges
- User education and awareness
- Incident management
- Malware prevention
- Removable media controls
- Home and mobile working
In addition to reviewing against the NCSC’s 10 steps, we can also include other applicable areas as needed, including:
- Secure development practices
- Physical security
- Third-party risk
- Cloud security, including Office 365
- Alignment to ISO27001 Annex A controls
Our team of consultants is made up of experienced information security professionals who hold a wide array of professional certifications, including CISSP, PCI DSS QSA, CISA, CISM, CRISC and ISO27001 Lead Auditor & Implementer, as well as a wide range of technical certifications. Our broad information security and technical backgrounds mean we are able to consult as well as assess, and to support our clients with tasks as diverse as policy writing, network design, development processes and server hardening.
To enquire about a Nettitude Cybersecurity Review, please get in touch with the team.