Securing business data

News Article

CNS Launch Tiered Cyber Security Services to Meet a Range of Client Needs in a Changing Digital Environment.

by User Not Found | 10 Oct 2019

Our Services Provide Robust Cyber Security and Peace of Mind in a Complex and often Uncertain World.

Did you know that 43% of businesses have reported suffering cyber security breaches during the previous 12 months? Among SMEs this rose to 72%. Breaches can come in a number of forms, from viruses, spyware, and other malware, through to impersonation of an organisation, phishing and Denial of service (DDoS) attacks.

The implications of a breach can be wide ranging. Organisations affected tend to need significant amounts of extra staff time to deal with disruption, as there is often inability to carry out normal duties in the aftermath; and further down the line there is the need to devote resources to bolster the defences against possible future cyber-attacks. There are also things that can’t be measured such as reputational damage and loss of brand equity. 

Suffering a breach is costly and time consuming, but becoming victim to cyber-attacks is something that can be avoided when the right measures are put in place.

 

 

 

 

To answer the evolving cyber security needs of organisations, we are launching a number of new services, all of which offer flexibility and cater to a range of different organisation sizes.


 Cyber Security as a Service (CSaaS)

Today SME organisations have never been more at risk of suffering significant financial, operational and reputational damage from cyber-attacks. With regulators enforcing heavy fines through mechanisms such as GDPR, as well as breaches being disclosed therefore increasing reputational damage to affected organisations, robust cyber security measures are essential for organisations that wants to mitigate the risks they face.

Our CSaaS (aimed at SME organisations) provides all round cyber security and peace of mind, by packing up a number of our services.

The Benefits of CSaaS

  • Relieves the burden of managing cyber security internally and get direct access to a specialist cyber security experts. 
  • Increases the reliability of core security functions and improve security efficiencies.  
  • Reduces the total costs of employing a cyber risk team and demonstrate greater returns on your security spending. 
  • Protects your assets, reputation and shareholder value.

What CSaaS includes:

  • Technical control gap analysis providing strategic direction and risk plans
  • Key Boiler plate policies covering critical elements every organisation require
  • Vulnerability testing and remediation program
  • Security event logging, monitoring and reporting capability to identify any potential breaches
  • Security Awareness training platform and education program
  • Access to Cyber Security technical and management skill base

CIS Security Control Review Service 
CIS Critical Security Controls (CSC) help organisations defend against known attacks by distilling key security concepts into actionable controls. To protect critical services and assets, you must be confident that your underlying security controls provide a robust and comprehensive defence against both external and internal threats.Achieving ISO 27001 certification is crucial, it demonstrates that your organisation has identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organisation. Ultimately enabling you to protect the confidentiality, integrity and availability of your information.

We offer a comprehensive Security Control Review (SCR) Service to:

  • Confidently report on the status of your organisation’s security controls
  • Identify gaps in controls capability against best practice including possible risks associated to the organisation
  • Share improvements and technical recommendations

Our consultants gather intelligence from key client stakeholders, employing our proprietary scoring mechanism to identify fully operational through to missing or ineffective controls. We then recommend solution/options to bolster control capability & mitigate risks identified.


 End Point Managed Detect and Respond
Endpoint security is the protection of internet-connected devices such as desktops, laptops, smartphones and tablets against cyber threats. Given that the goal of any cyberattack is to gain access to a vulnerable endpoint, and that all breaches will ultimately involve at least one endpoint, it is important to view these as your first line of defence and fortify them accordingly.

Our Endpoint Managed Detect and Response Service combines:

  • Prevention first approach
  • Seamless integration into current Mosaic Comply & Secure Managed Services
  • Highly trained Analysts
  • Cutting edge technology
  • Industry intelligence

By continuously monitoring your organisation’s endpoint activities and when required, conducting forensic analysis across your endpoint estate, our expert Cyber Security Operations Centre (CSOC) professionals obtain a real-time awareness of attackers’ movements in order to enhance threat discovery capabilities and thwart attacks.


 ISO 27001 Certification - Achieve data security with My ISO 

Achieving ISO 27001 certification is crucial, it demonstrates that your organisation has identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organisation. Ultimately enabling you to protect the confidentiality, integrity and availability of your information.

We have developed an approach that has helped multiple organisations achieve certification. Based on our experience of working with companies of all sizes, we have an established method of implementing ISO 27001 to fit your organisation. This ensures that you successfully achieve certification on time, and on budget.

 

Our services include:

  • Creation and development of the main ISO27001 Clause 4-10 documentation.
  • Support, development and guidance on an information security risk assessment
  • Creation of all appropriate Annex A control documentation
  • Advice and guidance on the implementation of the required Annex A controls
  • Facilitation of a Management Review
  • Provision of an ISO27001 internal audit conducted by a certified ISO27001 Lead Auditor
  • Support in selecting an accredited certification body
  • Information Security Manager as a Service (ISMaaS).

Dynamic Penetration Testing

Technology is always changing and is constantly under attack from multiple threat vectors. Annual pen testing provides a snapshot in time but doesn't provide a full and up to date picture throughout the year, that's why it's crucial to continuously test your environment. Knowing your vulnerabilities and how to fix them means security.

Dynamic Penetration Testing combines and enhances all the positives of Manual Penetration Testing and Automated Vulnerability Scanning, eliminates any of the negatives of both then layers effective remediation management (facilitated by the CNS Risk Profiling Algorithm) over the top.

Our Dynamic Penetration Testing (DPT) uses regular periodic testing to identify vulnerabilities affecting hosts and monitors them over a period of time. The results are displayed in an easy to use portal which is individual to your organisation.

The DPT Service:

  • Provides an initial full Penetration Test to establish a base line
  • Provides results presented via an online client portal, so that risk can be viewed across whole of an organisation
  • Creates risk scores, giving issues a business context
  • Tracks and allocates issue remediation, including drilling down into technical detail
  • Includes ability to upgrade or downgrade risk as the security landscape changes
  • Provides continual retesting and updates on applications, systems, and or network changes
  • Relieves CISOs and risk owners of the annual test stress
  • Provides actionable information quickly
  • Facilitates the clear tracking and reporting of risk reduction, thus providing demonstrable value to auditors and executives.

 

Key Features & Benefits of DPT:

  • Carries out a full Penetration Test to establish a base line
  • Presents Penetration Test results via an online client portal, so that risk can be viewed across whole of an organisation
  • Creates risk scores, giving issues a business context
  • Tracks and allocates issue remediation, including drilling down into technical detail
  • Includes ability to upgrade or downgrade risk as the security landscape changes
  • Provides continual retesting and updates on applications, systems, and or network changes
  • Relieves CISOs and risk owners of the annual test stress
  • Provides actionable information quickly
  • Facilitates the clear tracking and reporting of risk reduction, thus providing demonstrable value to auditors and executives

Scenario Testing

Cyber-attacks are now seen as an inevitable, that’s why preparation is key. Understanding the multiple threat vectors that exist, whilst knowing how resilient you are in the face of them provides the basis for a cyber resilience strategy.

The most effective way to assess resilience is to determine how quickly and effectively your business can react to any given scenario, by conducting Scenario Testing. We provide a Scenario Testing service designed to provide a more contextual and bespoke package. Similar to "Red Team" testing, scenario testing can include but is not limited to:

  • Elements of social engineering
  • malware writing
  • Phishing
  • Hardware/device hacking
  • Scenario based targeted network/device attacks. 

Threat Intelligence Services

Threat intelligence enables organisations to understand the relevance of the multitude of data is produced and thus, the, likelihood of an attack. This allows the security team to take the right action, based on reliable knowledge of what must be responded to and what is simply noise.

Our Threat Intelligence Service provides:

  • Contextualised intelligence reports and raw data feeds
  • Notification of general threats impacting organisations globally
  • Situational information influencing your cyber security strategy

If you are interested in finding out about any of the services above or if you would simply like to speak with an expert in regard to your cyber security, we are offering free cyber security consultations.

Please Get in Touch

call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere