Continual Cyber Assurance (CCA) evolved from the virtual Chief Information Security Officer service, or vCISO™ as it came to be known. Peter was the first to bring this service to market and many subsequently followed.
CCA is a fully tailorable solution designed to bring you peace of mind around risk and “cyber” security. Bringing together everything that worked from the vCISO service and combining it with leading penetration testing and security health checks, CCA is the next generation service to help you stay one step ahead of your attackers.
CCA provides you with a continual programme of cyber security that is adapted to your business and spread out across a year.
Continual Cyber Assurance starts with an onboarding week. This is a vitally important time, as the success of this week ensures a smooth partnership over the following twelve months. During this week, we will look to gain as much information from you as possible. We will look to gain sight of your policies, processes and procedures, how your IT systems fit together, what defences you currently have in place and what the technology deployment for your business looks like.
We will also look to understand your aspirations as a business. What levels of compliance would you like to meet? What projects would you like to achieve? The more information we know, the better position we will be in to support you.
You will be introduced to the team that will be looking after you. This will typically include an analyst, a penetration tester, a compliance manager and a CISO.
For some clients, we may deploy an appliance, either physical or virtual, within their environment to provide internal vulnerability assessments and monitoring. The appliances are fully hardened, secure Linux systems with AES-256 encrypted drives. They communicate directly with our Security Operations Center in the UK over a TLS 1.2 encrypted VPN link to provide our teams with real-time vulnerability management information.
Continual Cyber Assurance is a bespoke service which is tailored to every client's needs. That said, there is a core service which very rarely changes. This is the foundation on which Continual Cyber Assurance is built for each client. The core includes:
Each week we will carry out the following tasks:
Each month we will carry out the following tasks:
Every quarter we will produce a Cyber Security Management Report which will contain details of what has been identified over that quarter and any trends being identified. We will also produce the quarter's Cyber Security Awareness Training briefing based on the trends identified within the Cyber Security Management Report.
We will additionally perform a full internal penetration test against your digital and physical systems to identify security weaknesses.
Every six months we will perform a full internal and external penetration test against your digital and physical systems to identify security weaknesses.
Every year we will complete your Cyber Essentials and Cyber Essentials Plus certifications and attend to your ISO27001:2013 audits. This includes a full review of policies and the underlying Information Management System (IMS) in line with Annex A of the ISO27001:2013 standard. On top of this, we will review your network device configurations, server and workstation build configurations and, combined with the routine vulnerability testing, we will produce an IT Health Check report.
Every business releases new public-facing services, so as part of the CCA program we will put new services, features etc. through a full CREST-certified penetration test so you can be sure when they are released that they are safe.