CYBER SECURITY SERVICES

TO GOVERNMENT

Delivering NCSC/CPNI specific services to Government Departments, their associated agencies and other public sector bodies.


CYBER SECURITY SERVICES

TO INDUSTRY

We are industry leaders in our respective fields. We hold industry sector cybersecurity and information assurance best practice senior certifications.



Arrow Down










CYBER SECURITY SERVICES TO GOVERNMENT

In addition to Cyber Guarded delivering cybersecurity services to industry, we also deliver NCSC/CPNI specific services to Government Departments, their associated agencies and other public sector bodies.

As a NCSC Certified Company, we provide the following core services to UK Government Departments, their agencies and other public sector bodies to include but not limited to:

  • NCSC CHECK IT Health Checks through
  • NCSC Certified Professional Cyber Services
  • Risk Management Accreditation Document Set (RMADS) Production
  • Critical National Infrastructure (CNI) Security Assessments
  • NHS Cyber Security Testing and Information Assurance Services

AUDIT | DEFEND | COMPLY











CYBER SECURITY SERVICES

TO INDUSTRY

CYBER ESSENTIALS / CYBER ESSENTIALS PLUS

Certification body for Cyber Essentials Plus & IASME
Cyber Essentials is a government backed, industry supported scheme to help organisations of all sizes protect themselves against the most common cyberattacks. The Cyber Essentials scheme focuses on a set of five key security controls which, when implemented correctly, will mitigate against the most common cyber threats, particularly those requiring low levels of attacker skill and which are widely available online.



CYBER ESSENTIALS / CYBER ESSENTIALS PLUS


Certification body for Cyber Essentials Plus & IASME

Cyber Essentials is a government backed, industry supported scheme to help organisations of all sizes protect themselves against the most common cyberattacks. The Cyber Essentials scheme focuses on a set of five key security controls which, when implemented correctly, will mitigate against the most common cyber threats, particularly those requiring low levels of attacker skill and which are widely available online.

Achieving Cyber Essentials certification provides organisations with a baseline of security controls upon which to build a robust defence in the modern day threat landscape.

As a Cyber Essentials Certification Body, we are trained and licenced to assess and certify against all levels of the Government’s Cyber Essentials scheme and provide the necessary guidance and assistance to organisations aiming to achieve certification.

CyberGuarded are an Certification body for Cyber Essentials Plus & IASME Governance as per the link below. https://www.iasme.co.uk/certification-bodies/

Cyber Security as a Service / CSaaS Continual Vulnerability Assessments

Carrying out monthly internal, external or cloud vulnerability assessments, effectively placing a seasoned pentester within your organisation month on month. Can be securely deployed using several methodologies to suit each organisation’s requirements.



Cyber Security as a Service / CSaaS Continual Vulnerability Assessments


Carrying out monthly internal, external or cloud vulnerability assessments, effectively placing a seasoned pentester within your organisation month on month. Can be securely deployed using several methodologies to suit each organisation’s requirements.

WEBSITE APPLICATION & MOBILE APPLICATIONSECURITY

We undertake website, web application and web portal security testing to identify security vulnerabilities in web enabled resources and use the test results to provide detailed remediation actions for each discovered vulnerability.

WEBSITE APPLICATION & MOBILE APPLICATIONSECURITY

We undertake website, web application and web portal security testing to identify security vulnerabilities in web enabled resources and use the test results to provide detailed remediation actions for each discovered vulnerability.

We use a consistent, repeatable and defined approach to testing web applications that follows the Open Web Application Security Project (OWASP) testing methodology and tests are conducted to international best practice along with GCHQ - NCSC standards.

In addition to web security penetration testing, we also provide security source code review and security support through the web application development cycle.

NETWORK AND INFRASTRUCTURE SECURITY

We assess and examine network devices to confirm proper software updating and configuration actions are undertaken, ensuring the network infrastructure is secure, resistant and reliable.

NETWORK AND INFRASTRUCTURE SECURITY

We assess and examine network devices to confirm proper software updating and configuration actions are undertaken, ensuring the network infrastructure is secure, resistant and reliable. This includes configuration review, software versions, management configuration weakness and all current public exploits.

For access control network devices such as firewalls, we audit the firewall infrastructure and review the rule set and operating system versions.

We test the trust model against known configuration weaknesses inherent with some manufacturer’s firewalls default settings. We also test using known exploits to assess the responsiveness and effectiveness of the firewall against such attacks.

GET IN TOUCH ABOUT NETWORK AND INFRASTRUCTURE

NETWORK PERIMETER VULNERABILITY ASSESSMENT (PENETRATION TEST) - VAPT

Network perimeter security testing is a method of evaluating the security of a computer network by simulating the attacks normally utilised by a malicious attacker.

NETWORK PERIMETER VULNERABILITY ASSESSMENT (PENETRATION TEST) - VAPT

Network perimeter security testing is a method of evaluating the security of a computer network by simulating the attacks normally utilised by a malicious attacker. The process involves an active analysis of the network perimeter for any potential vulnerabilities that may result from poor or improper system configuration, hardware or software flaws or operational weaknesses in process or technical countermeasures.

The security issues found are presented together with an assessment of their impact and recommended remedial actions. The intent of the penetration test is to determine the feasibility of an attack from outside the network and the business impact of a successful exploit.

MOBILE DEVICES SECURITY

Malicious actors are constantly finding new ways to compromise business networks. Evolving methods favoured by adversaries are increasingly attacking improperly secured commonly used mobile devices such as, tablets and smart phones.

MOBILE DEVICES SECURITY

Malicious actors are constantly finding new ways to compromise business networks. Evolving methods favoured by adversaries are increasingly attacking improperly secured commonly used mobile devices such as, tablets and smart phones.

These mobile devices most often have access to corporate networks via email, VPNs, and other remote access methods.

CyberGuarded assists organisations protect against the latest mobile security threats. We assess and attempt to penetrate mobile networks and devices using the latest threat methods which when combined with our approach to identifying security vulnerabilities ensures that latest security compromising methods are presented for mitigation.

CLOUD SECURITY

CyberGuarded Cloud security assessments assist organisations identify cloud security and privacy risks. Our security experts review fourteen critical areas of cloud computing security exposure. We provision our proprietary Security Assessment Scorecard to identify key weaknesses in an organisation’s infrastructure.

CLOUD SECURITY

CyberGuarded Cloud security assessments assist organisations identify cloud security and privacy risks. Our security experts review fourteen critical areas of cloud computing security exposure. We provision our proprietary Security Assessment Scorecard to identify key weaknesses in an organisation’s infrastructure.

We conduct a detailed assessment of the organisation’s top priority threat areas in line with corporate risk and regulatory requirements.

CRITICAL NATIONAL INFRASTRUCTURE (CNI) SECURITY ASSESSMENTS

Our SCADA/ICS CSSA–Certified SCADA Security Architect consultants are specialists in Critical National Infrastructure (CNI), Industrial Control Systems (ICS) and SCADA security within the Energy and Utilities sector.

CRITICAL NATIONAL INFRASTRUCTURE (CNI) SECURITY ASSESSMENTS

Our SCADA/ICS CSSA–Certified SCADA Security Architect consultants are specialists in Critical National Infrastructure (CNI), Industrial Control Systems (ICS) and SCADA security within the Energy and Utilities sector.

Our services focus on the unique aspects of applying the security priorities of Safety, Availability, Integrity and Confidentiality to industrial automation solutions covering not only Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS), but the complete automation solution ranging from field instrumentation, embedded devices, third-party subsystems up to and including integration with enterprise-wide applications.

WIRELESS SECURITY

A Cyber Guarded wireless security assessment is a comprehensive review of the client wireless network architecture. During this assessment our security consultants perform a wireless discovery internally and externally to determine the presence of networking devices providing wireless connectivity and review management controls and processes implemented to ensure effective protection and safeguards are in place.

WIRELESS SECURITY

A Cyber Guarded wireless security assessment is a comprehensive review of the client wireless network architecture.

During this assessment our security consultants perform a wireless discovery internally and externally to determine the presence of networking devices providing wireless connectivity and review management controls and processes implemented to ensure effective protection and safeguards are in place.

SECURITY CODE REVIEW

In any software development life cycle (SDLC), security code review is paramount. Performing security activities across the development life cycle is proven to be cost-effective when compared to tentative high level design security considerations by developers under pressure to develop functional and user accepted solutions.

SECURITY CODE REVIEW

In any software development life cycle (SDLC), security code review is paramount. Performing security activities across the development life cycle is proven to be cost-effective when compared to tentative high level design security considerations by developers under pressure to develop functional and user accepted solutions. Security code reviews intervening at regular intervals allows potentially costly issues to be detected early on in the development life cycle.

CyberGuarded consider security quality as paramount as an integral defence-in-depth approach to application security and in today’s cyber landscape.

MALWARE ANALYSIS AND REVERSE ENGINEERING

We carry out both static and dynamic malware analysis in order to determine the behavior of the malware propagation and payload and to understand any potential impact to a system. We simulate the impact of tampering or triggering such malware in a scenario which best corresponds to the target environment and provide feedback on removal or mitigation techniques.

MALWARE ANALYSIS AND REVERSE ENGINEERING

We carry out both static and dynamic malware analysis in order to determine the behavior of the malware propagation and payload and to understand any potential impact to a system. We simulate the impact of tampering or triggering such malware in a scenario which best corresponds to the target environment and provide feedback on removal or mitigation techniques.

SOCIAL ENGINEERING (CYBER)

In a social engineering test, we identify an organisation’s user base and, if required, third party suppliers using various methods including the collection of public information freely available from the Internet. Using this publicly available data, we attempt to garner sensitive information about a target within the organisation, including methods such as direct in-person contact, telephone calls and emails, to interact with the organisations user base.

SOCIAL ENGINEERING (CYBER)

In a social engineering test, we identify an organisation’s user base and, if required, third party suppliers using various methods including the collection of public information freely available from the Internet. Using this publicly available data, we attempt to garner sensitive information about a target within the organisation, including methods such as direct in-person contact, telephone calls and emails, to interact with the organisations user base.

Alternatively, we generate spear phishing campaigns to target a specific user/email address or range of users/addresses either researched from the Internet or provided by the organisation. In this type of targeted attack, a payload is delivered via email or the Internet which has the potential to compromise the host or network when executed. An organisation’s agreement on the exact scope and scale of a social engineering exercise is required and only benign, proof-of-concept payloads are used.

UK GAMBLING COMMISSION IT SECURITY TESTING AND AUDIT SERVICES

For holders of all remote gambling operator licences including specified remote lottery licences, CyberGuarded’s security testing professionals and ISO27001 lead auditors work with organisations to implement, develop and be ‘audit ready’ to meet the UK Gambling Commission’s IT Security Testing & Audit standards and requirements.



UK GAMBLING COMMISSION IT SECURITY TESTING AND AUDIT SERVICES

For holders of all remote gambling operator licences including specified remote lottery licences, CyberGuarded’s security testing professionals and ISO27001 lead auditors work with organisations to implement, develop and be ‘audit ready’ to meet the UK Gambling Commission’s IT Security Testing & Audit standards and requirements namely:

  • Testing strategy for compliance with remote gambling and software technical standards
  • Security audit requirements


CYBER INCIDENT RESPONSE & DIGITAL FORENSICS

Our Incident Response and Digital Forensics services use computer investigation and analysis techniques to determine the methodology of how a security incident, such as computer crime, misuse of IT assets or theft of sensitive data, occurred and to provide any necessary evidence for legal or internal administrative use.



CYBER INCIDENT RESPONSE & DIGITAL FORENSICS

Our Incident Response and Digital Forensics services use computer investigation and analysis techniques to determine the methodology of how a security incident, such as computer crime, misuse of IT assets or theft of sensitive data, occurred and to provide any necessary evidence for legal or internal administrative use.

Our incident responders and forensic investigators use industry standard, repeatable techniques for securing and evaluating an electronic incident, conducting preliminary interviews, documenting the incident scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence and provide a detailed report on all incident response and forensic activities.

ISO27001 ALIGNMENT, GAP ANALYSIS AND IMPLEMENTATION

Our experienced consultants lead organisations through the initial introductory phases of ISO 27001, including demonstrating the advantages of compliance to business stakeholders as well as IT stakeholders. We assist internal teams in the implementation of the standard.



ISO27001 ALIGNMENT, GAP ANALYSIS AND IMPLEMENTATION

Our experienced consultants lead organisations through the initial introductory phases of ISO 27001, including demonstrating the advantages of compliance to business stakeholders as well as IT stakeholders. We assist internal teams in the implementation of the standard.

In addition to ISO27001 implementation consultancy, we offer a range of ISO 27001 auditing services, including:

ISO27001 Gap Audit - Identify the things that your organisation needs to do to obtain certification to information security standard ISO 27001.

ISO27001 Internal Audits - Perform regular independent internal audits of your ISMS as required as part of adhering to the ISO27001 information security standard.

AUDIT / DEFEND / COMPLY
Recognition for our work
We have worked on an extensive range of cybersecurity projects within both the public and private sectors throughout the UK, Ireland and Europe.

We have long term partnerships with many clients who recognise the need to “Audit, Defend,Comply”.



LONDON
Cyber Guarded
2nd Floor Shaftesbury House
151 Shaftesbury Avenue
London
WC2H 8AL

Tel. +44 (0)845 004 6118
Email. info@cyberguarded.com

BELFAST
Cyber Guarded
Winter Gardens, 34-36 Alfred Street
Belfast, County Antrim
Northern Ireland
BT2 8EP

Tel. +44 (0)845 004 6118
Email. info@cyberguarded.com

DUBLIN
Cyber Guarded
6-9 Trinity Street
Dublin 2
County Dublin
Republic of Ireland

Tel. +353 (0)1 617 7847
Email. info@cyberguarded.com