Digital technologies have transformed our economy, society and individual lives. They have enabled improvements in science, logistics, finance, communications, and other essential activities. Consequently, we have become reliant on digital technologies, and that reliance exposes organisations to potential data breaches and hacking.
The Cyber Security Review is based on an assessment of the current security policies and procedures, benchmarked against the National Cyber Security Centre (NCSC) Ten Steps to Cyber Security; it also includes a comparison with the Cyber Essentials Plus framework.
The review combines knowledge and expertise to help identify threats and expose the organisation’s risk, allowing you to understand your security maturity and areas for improvement.
The review is presented in a formal Assessment Report with prioritised recommendations, allowing you to give the key findings back to your management team.
CYBER SECURITY PLAN
CYBER SECURITY REVIEW DELIVERY PLAN
The review will be based on a live workshop with key representatives from your organisation to help establish your current alignment with the NCSC’s ten steps and map out the activities required to align with these steps.
The Cyber Security Review will consist of the following elements:
Data Protection
– An audit of your data protection framework and privacy ‘by design’
– You must comply with the UK GDPR, which includes meeting the principles to protect the rights of individuals
– Your organisation must be registered with the Information Commissioner’s Office (ICO)
– You should appoint a Data Protection Officer (DPO)
– You should publish an NHS Data Security and Protection Toolkit (DSPT) to “Standards Met”
– You should complete a Data Protection Impact Assessment (DPIA)
Technical Security
• Gain and renew (annually) Cyber Essentials certification (ideally to Cyber Essentials Plus standard)
• Ensure that an External Penetration Test of your product or application is conducted at least annually
• Provide evidence that you have Multi-Factor Authentication (MFA) in place, along with checks in respect of Load Testing and Logging / Reporting
• Carry out a custom code security review of your product or application
We recognise that each organisation is different in scale and complexity. Therefore, our Cyber Security Review is tailored to your requirements and may differ from what is described in this literature.