Continual Cyber Assurance

Continual Cyber Assurance allows you the time to breathe and stop worrying about the level of cyber risk your business is exposed to.

Breathe, relax, and let us worry about your cyber risk exposure.

  • Weekly Vulnerability Scanning
  • Dark Web & Internet Monitoring
  • Routine Penetration Testing
  • Quarterly Cyber Risk Reporting
  • Monthly dedicated CISO Time
  • Quarterly Awareness Training Briefings
  • 24x7x365 Support

Continual Cyber Assurance Overview

Continual Cyber Assurance (CCA) evolved from the virtual Chief Information Security Officer service, or vCISO™ as it came to be known. Peter was the first to bring this service to market and many subsequently followed.

CCA is a fully tailorable solution designed to bring you peace of mind around risk and "cyber" security. Bringing together everything that worked from the vCISO service and combining it with leading penetration testing and security health checks, CCA is the next generation service to help you stay one step ahead of your attackers.

CCA provides you with a continual programme of cyber security that is adapted to your business and spread out across a year.

How Continual Cyber Assurance Works

Continual Cyber Assurance starts with an onboarding week. This is a vitally important time, as the success of this week ensures a smooth partnership over the following twelve months. During this week, we will look to gain as much information from you as possible. We will look to gain sight of your policies, processes and procedures, how your IT systems fit together, what defences you currently have in place and what the technology deployment for your business looks like.

We will also look to understand your aspirations as a business. What levels of compliance would you like to meet? What projects would you like to achieve? The more information we have, the better position we will be in to support you.

You will be introduced to the team that will be looking after you. This will typically include an analyst, a penetration tester, a compliance manager and a CISO.

The Continual Cyber Assurance Appliance

For some clients, we may deploy an appliance, either physical or virtual, within their environment to provide internal vulnerability assessments and monitoring. The appliances are fully hardened, secure Linux systems with AES-256 encrypted drives. They communicate directly with our Security Operations Center in the UK over a TLS 1.2 encrypted VPN link to provide our teams with real-time vulnerability management information.

What Continual Cyber Assurance Covers

Continual Cyber Assurance is a bespoke service which is tailored to every client's needs. That said, there is a core service which very rarely changes. This is the foundation on which Continual Cyber Assurance is built for each client. Here is a typical example CCA program:

Weekly

Each week we will carry out the following tasks:

  • External assessment of your public address space, recording any vulnerabilities present. Should we identify any critical or high risk vulnerabilities, you will be notified immediately.
  • Active search of the dark web for mentions of your company name.
  • Review of active intelligence feeds to assess the current level of cyber risk.

Monthly

Each month we will carry out the following tasks:

  • Internal vulnerability assessment to identify and record any vulnerabilities present on your internal network and systems.
  • Update to the online Cyber Risk Portal

Quarterly

Every quarter we will produce a Cyber Security Management Report which will contain details of what has been identified over that quarter and any trends being identified. We will also produce the quarter's Cyber Security Awareness Training briefing based on the trends identified within the Cyber Security Management Report.

We will additionally perform a full internal penetration test against your digital and physical systems to identify security weaknesses.

  • Cyber Risk Report

Six Monthly

Every six months we will perform a full internal and external penetration test against your digital and physical systems to identify security weaknesses.

  • External Penetration Test
  • Internal Penetration Test

Annual

Every year we will complete your Cyber Essentials and Cyber Essentials Plus certifications and attend to your ISO27001:2013 audits. This includes a full review of policies and the underlying Information Management System (IMS) in line with Annex A of the ISO27001:2013 standard. On top of this, we will review your network device configurations and your server and workstation build configurations and, combined with the routine vulnerability testing, we will produce an IT Health Check report.

  • Baseline Security Audit
  • Cyber Essentials and Cyber Essentials Plus assessment and audit
  • IT Health Check Report

Examples

Because of the bespoke nature of CCA, here are three example programs with their monthly costs:

Small Business

£ 500

Weekly:

  • Risk Monitoring


Monthly:
  • External Pro Scan


Quarterly:
  • Cyber Risk Reporting


Six Monthly:
  • External Penetration Test

Annual:
  • Cyber Essentials Plus

Medium Business

£ 2,500

Weekly:

  • Risk Monitoring


Monthly:
  • External Pro Scan
  • Internal Pro Scan

Quarterly:
  • External Penetration Test
  • Cyber Risk Reporting

Six Monthly:
  • Internal Penetration Test

Annual:
  • IT Health Check
  • Cyber Essentials Plus

Large Business

£ 4,000

Weekly:

  • Risk Monitoring
  • External Pro Scan

Monthly:
  • Internal Pro Scan
  • External Penetration Test

Quarterly:
  • Internal Penetration Test
  • Cyber Risk Reporting

Six Monthly:
  • ISO27001 Management Audit

Annual:
  • IT Health Check
  • Cyber Essentials Plus