CYBERSECURITY ASSESSMENT
LRQA Nettitude’s cybersecurity assessment services help you identify and understand potential security weaknesses that leave your organisation at greater risk from threats such as ransomware and data breaches.
Based on industry-standard good practices and guidelines such as the NIST Cybersecurity Framework and NCSC 10 Steps to Cybersecurity, our review will help identify technical and procedural vulnerabilities, and provide you with clear recommendations to address any gaps and reduce your overall risk levels.
Our experienced consultants work alongside your teams to get a real-world view of your security posture, focusing on your actual working practices through a ‘show and tell’ approach that goes well beyond tick-box auditing. Findings are presented in a clear and actionable format that will help you:
- Understand your current position and vulnerabilities in your environment
- Get better visibility of your maturity via a snapshot view provided in an executive report
- Gain a comprehensive understanding of areas for improvement via a detailed technical breakdown
- Make strategic decisions and support the creation of an improvement plan
- Identify tactical recommendations that help you to address any urgent issues and quickly reduce risk
Cybersecurity Assessment Process
A cybersecurity assessment can be delivered remotely or from your offices and can be tailored depending on your specific circumstances and objectives.
Project Initiation, scope identification, and planning
• Introduction to our team
• Create agenda for assessment
• Identify key resources, systems, data and assets
Conduct analysis
• Review documented policies and diagrams
• Conduct interviews with key personnel
• Technical and process observations
Reporting
• Executive summary providing high-level findings and recommendations
• Detailed findings with specific notes and actions
Debrief
• Consultant-led debrief session
• Review findings and what they mean for your organisation
• Discuss recommended next steps
Types Of Cybersecurity Assessment
LRQA Nettitude’s cybersecurity assessment services can be tailored to suit organisations of different sizes, and with differing concerns, priorities, and budgets.
NCSC 10 Steps Assessment
• Aligned to the NCSC’s 10 Steps to Cybersecurity
• Typically takes 3-5 days to complete
• Findings reported on a red-amber-green basis
• Identifies good practices as well as medium- and high-risk findings
• Focuses on current implementations and working practices
• Details possible quick wins and recommendations for improvement
NIST Cybersecurity Maturity Assessment
• Based on the NIST Cybersecurity Framework (NIST CSF)
• Provides recommendations to develop your cybersecurity strategy and mature your capabilities to help manage and reduce risk
• Analyses capability maturity across all five NIST CSF functions
• Considers implementation (what you do) and policy (what you say you do) maturity
• Identifies high-risk areas where prioritised attention is required
• Feeds into the creation of an improvement plan and development of your cybersecurity strategy
Our Cybersecurity Assessment Methodology
Areas covered by our cybersecurity assessment services as standard are shown below. Assessments can be tailored to meet specific requirements and expanded to include or focus on areas not listed.
Comparison of NCSC 10 Steps and NIST CSF Maturity Analysis
NCSC 10 Steps Cybersecurity Assessment
• Risk management
• Identity and access management
• Engagement and training
• Data security
• Asset management
• Logging and monitoring
• Architecture and configuration
• Incident management
• Vulnerability management
• Supply chain security
NIST CSF Maturity Assessment
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
• Supply Chain Risk Management
• Identity Management, Authentication and Access Control
• Awareness and Training
• Data Security
• Information Protection Processes and Procedures
• Maintenance
• Protective Technology
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements
Methodology – NIST CSF Maturity Assessment
1. Project Initiation, scope identification, and planning
- Introduction to LRQA Nettitude delivery team
- Confirm priorities and scope for the analysis
- NIST Cybersecurity Framework overview
- Maturity level overview
- Discuss your objectives and any specific areas of concern
- Create a project plan and agendas
- Identify relevant resources, systems, data, assets
- Define target maturity levels
2. Conduct analysis
Maturity review aligned to the NIST CSF functions:
Identify: Establish a baseline understanding of the assets you are trying to protect
Protect: Implement appropriate controls to protect those assets
Detect: Your ability to detect cybersecurity incidents plays a crucial role in minimising their potential impact on your organisation
Respond: The impact of cybersecurity incidents can be reduced by responding efficiently once they are detected. Timely responses minimise the impact on operations, as well as limiting financial and reputational damage
Recover: Your organisation must be able to promptly recover and restore business as usual
- Review of written policies
- Interviews with key personnel
- Technical and process observations
- Review of evidence to understand the current position
3. Reporting
- An executive summary report that provides an overview of the analysis process, recommendations, and suggested next steps
- The report identifies your current position against the NIST CSF using a maturity model
- Detailed findings provided for each NIST CSF category
- Detailed findings are provided along with notes from our consultant and can be used to track progress
- Notable findings highlighted where high-priority tactical changes are recommended to reduce risk
4. Debrief
- Consultant-led debrief session and Q&A
- Review the findings of the analysis, recognising good practice and areas for improvement
- Understand the findings and what they mean for your organisation
- Discuss recommended next steps
Methodology – NCSC 10 Steps Cybersecurity Assessment
1. Project Initiation, scope identification, and planning
- Introduction to LRQA Nettitude delivery team
- Confirm priorities and scope for the analysis
- Share agendas identifying resources required
2. Conduct analysis
- Review against the 10 Steps requirements and any other optional areas agreed
- Interviews with key personnel
- Technical and process observations
3. Reporting
- Report including an executive summary
- Overview of the analysis process, recommendations, and suggested next steps
- Identifies your current position against the NCSC 10 Steps using a red/amber/green rating
- Detailed findings provided along with remediation recommendations
- Notable findings highlighted where high-priority tactical changes are recommended to reduce risk
4. Debrief
- Telephone debrief session
- Discuss the findings of the analysis and answer any follow-up questions
- Discuss recommended next steps
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process, which is broken down into three phases: preparation, response, and follow-up. Having a breach plan gives you the confidence to quickly contain any threat to your data privacy security.
Why is data privacy security important?
Data privacy has always been important, but the need for stronger security has grown now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all activities in which your data is stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risk of such events.
Does LRQA Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.