CST

Call us on +44 (0)20 7621 7836

CST have been specialising in Information Protection and Cyber Defence for 20 years. Our aim is to help organisations manage cyber security with the least amount of disruption, and to support organisations that strive to improve their security posture but don’t have the correct resource in place.

We would be happy to discuss your requirements over the phone or meet with you at your office.

The CST Cyber Resilience Assessment service measures your defences against the 20 factors that best practices recommend.

The assessment takes the form of an onsite workshop with key personnel, using a methodology that is based on British Standards and on other leading and recognised organisations such as the SANS Institute. The service analyses the current and desired state of cyber resilience and encompasses:

  • Critical gaps between current and desired state
  • Key areas of organisational focus for cyber defence
  • Cyber improvement plan with prioritised task rankings
  • Guidance and recommendations

Why Cyber Security?

  • Defining Cyber Risk

    The probability of a technology attack impacting an organisation's Information Systems.

  • Cyber Attack

    Targeted and automated attempts to compromise systems.

  • Impact

    An adverse effect, such as reduced system productivity, data loss, information corruption, regulatory failure, denial of service, or damage to shareholder assurance and customer confidence.

Cyber Security is a subcategory of the larger Information Security Management topic. Cyber Security is gaining recognition as an important subject that needs addressing as a matter of priority.

The change in priority is due to three factors that are increasing the risk of attack across industry:

  1. Rapid IT evolution – Businesses are relying on IT systems more than ever, and such systems are now considered a "MUST have" as opposed to a "GOOD to have".

  2. Interconnected world – the traditional boundaries of a business tended to stop at its walls and, to some extent, its internet gateway. Today's perimeters extend the business's network into third parties, such as suppliers, business partners and the unmanaged devices of staff.

  3. Multiple Threats – the traditional and largely benign threat has been replaced with well-resourced, internet-based attacks that are motivated by fraud, espionage and hacktivism. The attackers use multiple and in-depth techniques to avoid detection and assure success. They do not seek the old-style glory of notoriety; rather, they craft the attacks to be inconspicuous.

Cyber threats are now accepted as a genuine business risk. In fact, the most recent report by Lloyd's register places Cyber Risk as the 3rd highest global risk to business (it was placed 13th at the last report - available upon request). The UK Government has also accepted the risk to businesses from Cyber threats and is writing to organisations asking them to evaluate against a 10-point cyber security strategy (you may have seen the cyber security jigsaw and Cyber Street initiatives).

Cyber Resilience Assessment

To address this growing risk we have a Cyber Security assessment service “Cyber V” (Visibility) in partnership with Symantec. This takes the form of an onsite workshop that works through the top 20 key controls that make for a robust cyber defence. The end result is a detailed report that identifies gaps and areas for improvement and gives practical, prioritised suggestions; the process also provides a great educational and awareness platform for the staff involved on the topic of cyber security.

The noteworthy business benefit is defining the specific risk that your business faces from Cyber threats and the potential loss, such as a data breach, revenue losses, damage to brand reputation, and industry regulatory failure. The value is knowing where and what to do first to address the greatest Cyber risk to your business.

3-Phase Best in Class Approach to Cyber Assessment

Assess

Review and measure the four cornerstones of Cyber risk management:

  1. Organisation: Leadership & Governance

  2. Status: Current position & posture for risk

  3. Visibility: New threats and emerging hazards

  4. Response: Protection, strategies, controls and ability to act.

Analyse

Identify Critical Gaps, distinguish priority topics and rank resilience

Delivery

Present findings and detailed report

Opinion & Resources



The Cyber Assessment Service is about giving a business the visibility of its defence posture against a cyber-attack.

It’s not a test of any particular system, nor is it a threat sweep – these can be undertaken as part of the Cyber assessment service if required.

The top 20 controls as recommended by SANS are not rocket science and are readily available. What CST find is that Information Security is driven by reactive projects and organic growth of established controls; as such, some of the 20 key controls are either missing or are not fit for purpose within a business with today’s and tomorrow’s new risks.

Nigel Lewis