Secure Business Computing Solutions Consultants have a wide range of experience working within the public and private sectors. We provide comprehensive, end-to-end consulting across a range of disciplines, including Cyber Security, Information Security, IT Infrastructure and Accreditation. Our engagement approach ensures you receive a tailored service aimed at maximising existing technology investments where appropriate, coupled with a delivery methodology aimed at providing the right level of governance to ensure success.
Secure Business Computing Solutions are proud to offer our clients Cyber Essentials and Cyber Essentials Plus accreditation services as an approved Certification Body.
Cyber Essentials is a new Government-backed and industry-supported scheme to guide businesses in protecting themselves against cyber threats. It outlines the requirements for mitigating the most common Internet-based threats to cyber security. Cyber Essentials is for all organisations, of all sizes and in all sectors. It is not limited to companies in the private sector, and is also applicable to universities, charities, and public sector organisations. Deploying these controls will assist every UK organisation in defending against the most common forms of cyber-attack emanating from the internet using widely accessible tools which require little skill from the attackers.
Cyber Essentials has been mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. As of 1 January 2016, all suppliers bidding for new MOD requirements which include the transfer of ‘MOD identifiable information’ should achieve a Cyber Essentials Scheme (CES) certificate by the contract start date. More information can be found at the Defence Cyber Protection Partnership.
The Cyber Essentials scheme is divided into two certification levels. The first basic level of certification requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body such as Secure Business Computing Solutions. This is referred to as Cyber Essentials. The second level involves on-site physical vulnerability and audits of the systems in scope, carried out by an external certifying body, using a range of tools and techniques. This is referred to as Cyber Essentials Plus.
If you would like to receive more information regarding Cyber Essentials or start the certification process, click here. Once contacted, Secure Business Computing Solutions will provide you with detailed information regarding the costs, process and approximate time scales. Once you are ready to start the process, we will create an account for you on the Online Assessment Portal so you can begin the assessment.
Secure Business Computing Solutions is proud to be able to offer our clients IASME accreditation services as an approved Certification Body.
The Information Assurance for Small to Medium Enterprises (IASME) Governance standard is based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government. The audited IASME certification is also seen as showing compliance to ISO27001 by many larger companies.
The IASME standard was developed over several years during a Technology Strategy Board funded project to create an achievable cyber security standard for small companies. The international standard, ISO27001, is comprehensive but extremely challenging for a small company to achieve and maintain. The IASME standard is written along the same lines as ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard.
The IASME standard, at a realistic cost, allows the SMEs in a supply chain to demonstrate their level of cyber security and that they are properly protecting their customer's information.
If you would like to receive more information regarding IASME certification or start the certification process, click here. Once contacted, Secure Business Computing Solutions will provide you with detailed information regarding the costs, process and approximate time scales. Once you are ready to start the process, we will create an account for you to use in the Online Assessment Portal so you can begin the assessment.
ISO/IEC 27001 is the recognised information security standard. Published on the 25th September 2013, it is a specification for an information security management system (ISMS). Organizations which meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.
Our consultants are ISO27001 trained and have been involved with the ISO Information Assurance standards for several years. Let us help you develop your Information security management systems, so you can achieve and maintain accreditation.
Secure Business Computing Solutions Ltd offer state-of-the-art risk assessment capabilities that combine information about your organisation and the types of attacker that may attack it. We call these 'Threat Actors'. Different actors have different motivations and capabilities. By mapping these capabilities against your vulnerabilities, we can derive a quantitative risk analysis and calculate the likelihood of a successful attack. Our capability uses the "Direct Attack Path Analysis (DAPA) Algorithm".
The DAPA Algorithm was developed by Professor David Stupples and his team at the Centre for Cyber and Security Sciences at City University, London. It is based on research carried out in the nuclear industry to protect staff and facilities. The method looks at all the paths by which an attacker might try to cause a breach in the organisation's system. This can be done by directly attacking from outside the perimeter of the system or by trying to have some form of malware transported into the system by a carrier (known as a mule). The mule can be knowingly maliciously attacking the system (such as in the case of a bribed employee or someone carrying a grudge), or unwittingly transporting the malware (if it is hidden or disguised as legitimate software on some device).
The paths of attack are broken down into 'Attack Vectors' and modelled based on the information we have gathered about your organisation. We use it to provide an overall probability of successful attack and the most likely means by which it could be executed.
In addition, we provide you with advice and guidance on the configuration of any systems and equipment you already have in place.
As with most things in life, your business is only as strong as its weakest link. When it comes to Cyber and Information Security, this relates to your employees, whether by malicious intent or by accident. All employees are responsible for following their organisation’s security policies, but it is down to the employer to ensure that they are appropriately trained. Security training for all staff – whether permanent, temporary or a contractor – should begin during any induction process, followed by regular ‘refresher’ training and briefings. Secure Business Computing Solutions can deliver up-to-date Cyber Security awareness training to help keep both your organisation's and your clients' data safe.
Cyber attacks continue to make headline news. As cyber attackers gain ground against organisations, institutions and individuals, the threat of becoming a victim of a data breach is now an imminent reality for all companies. The damage, both short-term and long-term, can be very substantial and, for some organisations, even existential.
The speed at which you identify a breach, combat the spread of malware, prevent access to data, and remediate the threat will make a significant difference in controlling risk, costs, and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring. With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defence against the attack.
Phishing is an online fraud technique. Phishing attacks by criminals are designed to entice you to disclose personal information in the belief that you have clicked through to a trusted site from a link in an email or text message.
Fraudulently obtaining your security information such as user ID and password through phishing scams is the fastest rising online crime method used for stealing personal financial information and perpetrating identity theft. Find out which of your employees is vulnerable to phishing fraud and how your organisation compares with similar-sized entities in your market segment.
Vulnerability assessment, also known as vulnerability analysis, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. Vulnerability assessments are a critical part of the risk management lifecycle designed to evaluate and measure the effectiveness of your information security controls. External and internal systems should be regularly tested (at least annually) to provide assurance that no significant weaknesses exist within infrastructure or individual systems which could impact the operations of the business.
Despite the weeks and months spent educating your users and implementing good security controls, the sad fact is, it's just a matter of time before an incident occurs, so what next? You may think you know what happened, but how can you be sure? The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Without a thorough approach you may never know what happened or, worse, who was responsible. Whatever the incident, Secure Business Computing Solutions can guide you through the process of piecing things together.
The compliance and risk landscape is continually changing. From May 25th 2018, the EU General Data Protection Regulation (GDPR) will come into effect and apply to every organisation that processes EU residents’ personally identifiable information (PII). The new Regulation imposes significantly tougher penalties than the current Data Protection Act (DPA) whereby a breach can lead to fines of up to 4% of annual global turnover or €20 million – whichever is greater. To ensure your company remains in compliance, Secure Business Computing Solutions are here to help and advise you on your journey to GDPR compliance.
Are you confident you could maintain “business as usual” in the event of any disaster or disruption? Without adequate planning or processes in place many businesses struggle to restore services correctly following a disaster and some may even go out of business.
We understand businesses struggle to prioritise disaster recovery, because they’re overwhelmed by constant business change, the pressure of synchronising thousands of changes to recovery scripts, and a shortage of staff or technical know-how. Call Secure Business Computing Solutions today to find out how we can help you protect your business now and into the future.
At Secure Business Computing Solutions, we'll help you determine the elements you need to consider when developing and maintaining an information security policy. We'll design a suite of information security policy documents to cover all aspects of information security. Information security policies provide a framework for best practice that can be followed by all employees. They help to ensure risk is minimized and that any security incidents are effectively managed.
Secure design and implementation principles provide the foundations upon which new technology services can be successfully enabled to support your business. Secure Business Computing Solutions can help you realise the benefits of these principles, help you become competitive and minimise the risks along the way.
Struggling to maintain your existing infrastructure, or thinking of migrating to the cloud? Secure Business Computing Solutions can help and guide you through the process and minimise the impact to existing services throughout your journey.
Well-designed, reliable and secure wired or wireless networks improve the efficiency of an organisation's entire system. Secure Business Computing Solutions design and implement networking systems that are easy to manage and maintain, are cost-effective, flexible and above all secure.
Technology trends like Mobility and Cloud are redefining the future of our workplace. Users are moving from a physically fixed to a virtual, flexible work style. There is an urgent need to move business workloads from desk-bound, company-controlled desktop screens to a vibrant, dynamic, fluid workspace that is accessible anytime, anywhere, through any of the devices closest to you – laptops, tablets, mobiles or, in the near future, even smart TVs. Secure Business Computing Solutions are here to help you make sense of it all and ensure security is wherever you are.