Securing business data
Call us today on 020 7592 8800

Case Study:
Civil Aviation Authority

CAA’s implicit trust in the quality of CNS’s Testers and their certification led to discussions at the end of 2014 on how CNS could provide a closer strategic relationship with CAA and therefore yield more frequent and robust testing programme for 2015.

"CNS Group have provided the CAA with a complete, flexible and professional approach to testing.  By working closely with us on ascertaining and understanding our requirements CNS have provided  proportionate and focused testing  with well written reports. They have been especially helpful with advice and guidance both pre and post testing”

IT Security Management, CAA

________________________________________________________________________________________

The Situation

As the UK’s primary regulator of Aviation, The Civil Aviation Authority (CAA) is a fundamental part of the UK’s National Critical Infrastructure. Through its skills and expertise it is recognised as a world leader in its field.

The challenges faced by an organisation such as CAA are ever more complex and wide ranging. From ensuring they implement the very highest standards in protecting their data and that of their, Pilots, Aircraft Engineers, Air Traffic Controllers and Airlines to monitoring ever more pervasive cyber threats to aircraft safety, the CAA has to work with a high calibre supply chain.

As CAA’s approach to systems development and internal based application housing to a cloud based services infrastructure, so the need for an independent, specialist and highly accredited third party grew.

________________________________________________________________________________________

Solution

Having worked with CAA since 2010 on ad-hoc penetration tests, CNS Group had become a trusted partner of the CAA Security Team. However, with the changing landscape of the application and network layout it became apparent that CAA were looking for a strategic ally to provide them with the very highest quality testers in the UK to enhance and protect their security architecture as well reduce their business risk.

As a CESG CHECK, CREST and Tiger Scheme certified consultancy, CNS has over fifteen years of experience of assisting their clients that range from vastly different business types, sizes and risk profiles.

CAA’s implicit trust in the quality of CNS’s Testers and their certification led to discussions at the end of 2014 on how CNS could provide a closer strategic relationship with CAA and therefore yield more frequent and robust testing programme for 2015.

________________________________________________________________________________________

Detail

 CNS has provided CAA with the following critical technical services for 2015;

  • Web Application Security Testing - CNS is now embedded in CAA’s devolvement life cycle to ensure that testing is completed before new applications and services are released without the necessary testing in both Development and Live environments.
  • Cyber Essentials Plus Gap Analysis – CNS is working with CAA to achieve Cyber Essentials certification before the end of 2015.
________________________________________________________________________________________

Results

The comprehensive Application Testing programme delivered to CAA by the CNS Group Testing Team in 2015 has uncovered significant results that has allowed CAA to establish a stringent security baseline that third party developers and hosting providers are required to adhere to before new services are released to the CAA user base and wider public.

CNS’s ability to deliver high level testing at often short timescales and out of hrs has helped CAA to improve its security posture and lead the way at under

________________________________________________________________________________________

Why Choose CNS?

Maybe speak with some of our clients, but the following factors are behind our success;

  • CNS’s Testing Team been at the forefront of testing techniques since 1999
  • Highly Accredited Technical certifications with CESG CHECK, CREST, Tiger
  • CNS’s Test Team is not just testers, with many having real life experience of running networks and auditing them. Our Test Team also have certified ISO 27001 and PCI DSS QSA Audit Certifications.
  • SC and DV clearance
  • Research Team who lab new techniques and who hold Pen Test Portal Training quarterly sessions for all our clients who want to learn to be a hacker.
________________________________________________________________________________________

Conclusion

2015 is proving another challenging year for all organisations protecting their data and that of their clients. CAA and CNS’s partnership is allowing CAA’s Senior Management to concentrate on delivering the highest level service to their users and clients alike without compromising on security. Moreover, CNS’s relentless approach to ensuring that each and every client is more secure post any testing allows CAA in this case to feel confident about its ability to police the ever more formidable cyber terrorism threat to the UK Aviation industry. 

Talk to an expert:

Company Size

E.g. Finance
*Required fields