RBC Group has extensive experience in delivering cyber security advice to customers. Whether it be to Commercial, Public Sector or NHS clients, we have the experience and knowledge to provide a value-added service that can enable your business for the secure digital age.
RBC Group consultants are skilled in providing risk advice, security architecture definition and review, auditing, compliance and accreditation services in all elements of ICT, including cloud, off shore, near shore and locally hosted infrastructure.
We have vast experience within central government, commercial and NHS organisations, securing some of the most important data within the UK.
RBC Group services can be tailored to meet your requirements. We will always provide a professional, reliable and skilled service to meet and exceed our clients’ expectations.
CYBER SECURITY BUNDLES
From a small scope security control review and assessment, to producing a detailed risk assessment or supporting an implementation of ISO27001:2013, Cyber Security Bundles provide a fixed package solution.
We can help you determine the best fit bundle for you following initial conversations.
PLATINUM – 20 DAYS
For an overall organisational view, the package can be used to provide a detailed understanding of the organisation’s security posture, including a security control review, training and awareness review, policy and process review, physical security review, ITHC and a Gap Analysis to an agreed security standard (e.g. ISO27001).
The Platinum bundle can be used to provide a detailed review of the organisation’s security posture. RBC Group consultants will review the security controls currently implemented, including perimeter security, access control, vetting and employment checks, remote access, mobile device usage, ICT acceptable use, patching and anti-virus, change control and risk management, amongst others. Also reviewed will be security training and awareness provision and the material in place to provide this to staff and third parties. A fundamental review of the policies and processes in place will also be carried out, in line with ISO27001 and ISO27002, with suggestions on improvements and missing documentation where necessary.
A basic physical security review can be conducted in line with ISO27001 and the requirements for storage of HMG data marked as OFFICIAL; this will include the requirements for CCTV, security guards, and access control. A suitably scoped ITHC can be provided, though scale and scope will need to be agreed beforehand; this will primarily focus on perimeter security and configuration of firewalls, routers and basic DDoS tests. Finally, a gap analysis against the ISO27001 controls set will be produced with recommended improvements where necessary. A standardised report will provide a summary of all the findings.
A Platinum level package can also be used to provide a detailed risk assessment document to an agreed methodology, or an update to a previously written document that needs to be moved into a new format, such as an IS1/2 RMADS.
GOLD – 15 DAYS
For an overall organisational view, the package can be used to provide a more detailed understanding of the organisation’s security posture than the Silver package, including a level of security control review, training and awareness review, policy and process review, physical security review and IT Health Check (Penetration Testing).
The Gold bundle can be used to write a compliance document to support an attestation of compliance to the HMG G-Cloud Cloud Security Principles, or to provide a Privacy Impact Assessment document to ensure conformance to the Data Protection Act 1998.
A Gold level package could also be used to produce a baseline security architecture document that will provide the organisation with a view of the threats, risks and controls required to limit risk and suitably secure ICT and customer data, for example.
SILVER – 10 DAYS
For an overall organisational view, the package can be used to provide a more detailed understanding of the organisation’s security posture than the Bronze package, including a level of security control review, training and awareness review, policy and process review, physical security review and report.
The Silver bundle could be used, for example, to provide an organisational security audit against ISO27001:2013. RBC Group consultants would prepare for the audit with an initial meeting and preparation day, to understand the scope, audit parameters and stakeholders involved. The audit team would then visit the site or sites identified and perform the audit as an external accreditation body, whilst providing key feedback and reporting to the organisation’s senior management team or board.
A Silver level package can also be used to provide a detailed review of contractual security terms and conditions as provided by a new customer, or to work with contract teams to develop suitable security schedules for suppliers to adhere to.
BRONZE – 5 DAYS
For an overall organisational perspective the package can be used to provide a limited security control review, training and awareness review, policy and process review.
For example, the Bronze bundle could be used to support a certification to the Cyber Essentials standard (CES). This would involve consultancy support to complete the CES questionnaire, including the review of security controls in place, the review of any areas of risk and the implementation of mitigating controls. RBC Group consultants can also advise on the production of policy documentation and security architecture of ICT systems.
A Bronze level package can also be used to provide a security control review, both policy and technical, to provide a level of risk exposure and an understanding as to where an organisation must improve. It can alternatively cover a small-scale training and awareness package, including organisational review, presentation production and presentation, or a limited security policy and process review and production.
End to End security consultancy – project, threat/risk/compliance, design, implementation – bespoke timescale dependent on requirements.
Security and Cyber are intimidating words for any organisation. Understanding the risks, controls and compliance issues before you start any project is key to a successful implementation, as is ensuring any risks that are identified are successfully mitigated or controlled. Furthermore, identifying and implementing a secure design reduces the exposure that you have to any security incidents and ensures you control access to the key data you own and control.
Cyber Security Lifecycle covers end to end security in locally hosted, near and off-shore locations and cloud deployments, and includes but is not limited to:
– Understanding who or what is a danger to your organisation and its assets.
Risk Identification, Assessment & Management
– Identifying the risks that the threats pose, assessing how they may affect the organisation and treating those risks so the impact is reduced or mitigated.
Security Policy Production
– In accordance with the organisation’s requirements and in line with security best practice, including ISO27001, an ISMS (Information Security Management System).
– Ensuring that what you are looking to implement or the service you are providing is in line with security best practice and legal statute, such as the Data Protection Act 1998.
Security Design & Architecture Review
– Either the production and design of a security architecture with appropriate documentation or the review of an existing design.
Ongoing Project Consultation On A Requirements Basis
– The provision of ad-hoc, as required, consultancy services to support the organisation through project and BAU activities.
ITHC Scope, Implementation & Risk Treatment Review
– The engagement of ITHC consultants and the production and design of an appropriate scoping document, with the management and production of a risk treatment plan once the testing is complete.
By engaging RBC Group, you can be assured that you are being given the best advice from consultants who are experienced in securing key business systems used in large commercial organisations and high profile central government departments.
To facilitate the Cyber Security Lifecycle service, an initial consultation is required to ensure that RBC Group can provide a valued and quality service and to estimate the days required to complete the assignment.