Continual Cyber Assurance
Continual Cyber Assurance (CCA) evolved from the virtual Chief Information Security Officer service, or vCISO as it came to be known. Peter was the first to bring this service to market and many subsequently followed. CCA is a fully tailorable solution designed to bring you peace of mind around risk and "cyber" security.
Bringing together everything that worked from the vCISO service and combining it with leading penetration testing and security health checks, CCA is the next-generation service to help you stay one step ahead of your attackers. CCA provides you with a continual programme of cyber security that is adapted to your business and spread out across a year.
Continual Cyber Assurance starts with an onboarding week. This is a vitally important time, as the success of this week ensures a smooth partnership over the following twelve months. During this week, we will look to gain as much information from you as possible. We will look to gain sight of your policies, processes and procedures, how your IT systems fit together, what defenses you currently have in place and what the technology deployment for your business looks like.
We will also look to understand your aspirations as a business. What levels of compliance would you like to meet? What projects would you like to achieve? The more information we have, the better position we will be in to support you.
You will be introduced to the team that will be looking after you. This will typically include an analyst, a penetration tester, a compliance manager and a CISO.
For some clients, we may deploy an appliance, either physical or virtual, within their environment to provide internal vulnerability assessments and monitoring. The appliances are fully hardened, secure Linux systems with AES-256 encrypted drives. They communicate directly with our Security Operations Center in the UK over a TLS 1.2 encrypted VPN link to provide our teams with real-time vulnerability management information.
Continual Cyber Assurance is a bespoke service which is tailored to every client's needs. That said, there is a core service which very rarely changes. This is the foundation on which Continual Cyber Assurance is built for each client.
Here is a typical example CCA programme:
Each month we will carry out:
Internal vulnerability assessment
Updates sent to the Client Portal
Each week we will carry out:
External vulnerability assessment
Dark Web review
Review of all intelligence feeds
Every six months we will perform a full internal and external penetration test against your digital and physical systems to identify security weaknesses.
External Penetration Test
Internal Penetration Test
Every quarter we will produce a Cyber Risk Report which will contain details of what has been identified over that quarter and any trends being identified. We will also produce the quarter's Cyber Security Awareness Training briefing based on the trends identified within the Cyber Security Management Report.
Every year we will complete your Cyber Essentials and Cyber Essentials Plus certifications and attend to your ISO27001:2013 audits. This includes a full review of policies and the underlying Information Management System (IMS) in line with Annex A of the ISO27001:2013 standard. On top of this, we will review your network device configurations, server and workstation build configurations and, combined with the routine vulnerability testing, we will produce an IT Health Check report.
Baseline Security Audit
Cyber Essentials and Cyber Essentials Plus assessment and audit
IT Health Check Report