Cyber Security and Compliance Services

Cyber Essentials accreditation is now mandatory for organisations supplying the public sector in Wales and Scotland on certain projects and a growing number of private sector organisations insist on it throughout their supply chains.

Cyber Essentials consists of a set of security best practices which together insure that your organisation is protected from known common Cyber Attacks. Apart from helping you sleep easier, the standard is a big step towards compliance for GDPR and all other industry specific regulations.

Connexion will work with your organisations whatever its size and get it ready and certified quickly and cost effectively

Readiness

To make the process of certification cost effective its best to commence the certification process once you know your infrastructure is ready. Connexions Cyber Essentials readiness service consists of a Gap Analysis and External and internal Vulnerability scans by one of our GCHQ approved Cyber Security consultants. Once the gaps and vulnerabilities have been identified they will be quickly mitigated so that you organisation is set to begin the Certification audit.

Certification

Connexion provide a fixed fee Certification service with a ‘No Certification no Fee guarantee’. Our Certification Partner Xyone Cyber Security will complete an onsite audit of your infrastructure and will provide a report, if a pass isn’t issued immediately Connexion will address any non-compliances until a pass is issued guaranteed in under 30 days.

The reality is that keeping your data secure is a constant endeavour. Threats are changing, and new vulnerabilities are continuously being discovered in hardware and software, to successfully manage your organisations risk you need to be proactively employing a number of different practices to mitigate a myriad of different threats and vulnerabilities.

• Data Security Policies and staff training
• Security Incident management
• Vulnerability scanning
• Hardware and software patching
• Disaster recovery planning
• Service management

The best way of identifying weaknesses and security vulnerabilities on your network is by running a vulnerability scan. A Vulnerability scan reveals the actual vulnerabilities that exist on your infrastructure and thus validates that the security patches that have already been applied have been done so successfully, which is not always the case. A Vulnerability scan will also reveal new vulnerabilities that need to be addressed.

Assessment and Patching

Connexion's Managed Security Service is a process of regular scanning, assessing and patching of vulnerabilities. Due to the sheer number of new vulnerabilities that naturally occur, patching everything immediately simply isn’t realistic. Furthermore, often it’s critical that new patches are not applied to your system as applying them introduces more risk to your business continuity than not applying them as they may conflict and disrupt existing services on your infrastructure.

To minimise the risk of business interruption and to ensure that patching is focused on the most important vulnerabilities Connexion carry out assessments as part of all vulnerability scans. Vulnerabilities are assessed and prioritised using the Common Vulnerability Score System – CVSS. All patches are also tested and reviewed for conflicts within your existing infrastructure before being applied.

Penetration testing is vulnerability scanning taken to another level by evaluating your system’s security and attempting to expose and exploit vulnerabilities and weaknesses through a simulated attack by a Certified Ethical Hacker (CEH).

Network Penetration testing

Network Penetration Testing goes beyond vulnerability scanning, to evaluate a system’s security, while attempting to expose and exploit vulnerabilities and weaknesses through a simulated attack. Bypassing known security weaknesses, the Certified Ethical Hacker (CEH) performs manual penetration testing in an attempt to branch out and gain further access to other applications, databases and resources, disrupting or damaging any of your systems and processes. Follow-up reporting will detail all weaknesses and vulnerabilities, which are validated by our team, and accompanied with appropriate recommendations.

Cloud Penetration testing

The safety of your company’s assets depends on the security of your cloud-based infrastructure just as much as your in-house IT environment. Security should be a key consideration when selecting a cloud services provider, and our Cloud Penetration Testing Service can help you determine how secure your assets in the cloud really are.

Penetration testing on applications hosted in the cloud is based on the same principles as those deployed as part of our Web Application and Network Penetration Services, on relevant infrastructure and software. However, allowances are made for data being housed in a shared environment, and the potential compromises that this can bring about. As an end user, it is your responsibility to ensure that the security of any operating systems and applications hosted in the cloud are continuously maintained and tested, and that you are always aware of the location of your data.

Mitigate is a process which has proven to dramatically reduce a company’s cyber risk. When 41% of security incidents suffered were caused by internal breaches or errors, it is imperative that all staff have the policies, procedures and training in place to take responsibility for their own cyber defence.

Created by Connexion partner Xyone Academy, based at Lancaster University, and certified by the UK Governments Communication Headquarters, GCHQ, this suite of policies and training can provide ready to use Data Security Policy framework or it can be tailored to a firm of any industry or size.

Mitigate can assist companies to establish a better security culture within the organisation by having clear engrained policies, scenario-based e-learning training and assessments, creating a clear audit trail to mitigate your risk.

The Solution

Mitigate is an internal threat mitigation solution which reduces your risk of a Cyber Attack by equipping every individual member of staff with targeted, simple awareness on the following areas of cyber security concern.

• Online Security
• Information Security
• Remote security
• Workstation security

This is achieved by having:

• 12 GCHQ Certified Information Security Policies, which embed the generic rules of cyber security, and are updated on a 12 monthly basis with full version control.
• 12 GCHQ Certified Cyber Awareness E-learning 15 minute Training Modules to reinforce what each policy actually means to the end user.
• A full regulatory audit trail to evidence:
  • Staff have completed security training
  • Staff Acceptance that they have understood Security training and Policies

Human Risk Management

Mitigate provides a dashboard which enables your organisation to quickly identify departments or individual members of staff that represent a risk to your data security and which require special training.

Connexions GDPR audit provides a comprehensive assessment of your organisations data security focusing specifically on personal identifiable information across all of your digital assets.

• Data storage residency of data and data transfer compliance
• Cyber Essentials compliance
• Information Security Policies
• Data Retention Policies and procedures
• Incident response plans
• Data Protection Policies and Procedures
• Mobile Working
• Website Assessment
• Web application assessment

Following the audit, we will provide your organisation with a report detailing our findings and highlighting specific areas of concern for review, including recommendations and budgetary costs for any remedial work or services that may be required.