Client type: Data Management

Delivery type: Consultative – existing ICT support will make changes
Size of company: 30-50 employees
Sector: IT
Threat protection level: Medium

Our client is a smaller company within a larger organisation, providing internal and external ICT support for the wider company and its end clients.

The parent company wanted to ensure that the ICT function was compliant with Cyber Essentials and the IASME Framework (Gold), so that it could demonstrate that best practice was in place and that security was taken seriously within the organisation.

Cyber Tech completed a full review of all policies, processes, documentation and systems, including staff interviews and a full infrastructure review, to determine what was required to achieve full Cyber Essentials and IASME Framework (Gold) certification.

Working with the client’s ICT department (a qualified IT support engineering team), our delivery was consultative, based on review and assessment: the internal team carried out the remediation and actions that followed from our recommendations, and Cyber Tech consultants reviewed and confirmed them.

The scope of the investigation included:

  • Disaster Recovery & Business Continuity
  • Asset Management / Information Asset Owners
  • Approved Hardware / Software lists
  • System Administration processes and security around these processes
  • Security Systems, application of these, setup and management and effectiveness
    • Anti-Virus / Anti-Malware
    • Password Policy / Multi-Factor Authentication protection for Administration
    • Border Firewall / Device Firewalls
    • Patching (O/S & 3rd Party Applications)
    • Life Cycle Management
      • General Applications
      • Line of Business Software
      • Operating Systems
      • Firmware on devices
      • Devices themselves
    • Data Destruction and device disposal management
    • Vulnerability Assessments and remediation process
    • Encryption
    • Removable Media use / security
    • Building / Server Room / ICT asset access control
    • Remote Access / Authentication Systems
    • User Creation / Security Authorisation & Access Control / User Removal
    • Security Incident recording / security management procedures
    • Staff security training / updates / evaluation of skills
    • HR contracts for ICT access (inclusion of security clauses)
    • Employment process validation for security within ICT

Device Build / Device Security / Updates and Management

Delivery of consultative advice, recommendations and support to the internal teams who were making the required changes to comply with the requirements of both the Cyber Essentials and IASME Framework (Gold) standard.

  • Policy / Process Creation / Training / Sign-off
  • Standards development and delivery
  • Security changes / improvements
  • Certification to Cyber Essentials
  • Certification to IASME Framework (Gold) with GDPR

Recommendations for future improvements that would further reduce risk and increase security, although they are not part of the CE/IASME Framework standards.

Housing case study

Size of company: 25
Sector: Housing
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client holds a lot of confidential data relating to the tenants in its properties, and to the financial and medical care plans for the care and support of those tenants in its properties and managed/assisted living spaces.


Managed Business Services case study

Size of company: 25
Sector: IT
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client is a smaller company within a larger organisation, providing internal and external ICT support for the wider company and its end clients.


Data Management case study

Size of company: 50-100
Sector: Government
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client works with several very well-known UK brands and local / central government departments, all of which, through questionnaires and external audits, were asking our client for further information about its security provision, as there was a need to ensure that the data being managed by our client was secure.


Legal case study

Size of company: 25
Sector: Legal
Threat protection cover: Cyber Essentials, Cyber Essentials Plus, Ongoing Cyber Support

Overview:

Our client, a legal firm, wanted to improve their Cyber Security Posture through the National Cyber Security Centre’s (NCSC) Cyber Essentials and Cyber Essentials Plus certification path.


Our Credentials

We are the only Cyber Security Company who can certify your compliance (we are an approved certifying body) and manage your security and risk on an ongoing basis, as well as help you achieve Cyber Essentials, Cyber Essentials Plus and IASME Gold Framework.