Cyber Essentials Plus Certification

  • Implement and maintain Cyber Essentials Plus, an enhanced level of cyber hygiene as defined and recommended by the National Cyber Security Centre (NCSC)
  • Ensure your organisation is compliant with the Cyber Essentials Plus standard
  • Certify your organisation to Cyber Essentials Plus

The Cyber Essentials scheme is a cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.


The scheme focuses on the following five essential mitigation strategies within the context of the 10 Steps to Cyber Security guide found on the National Cyber Security Centre’s website:

  • Firewalls
  • Secure Configuration
  • Access Control
  • Malware Protection
  • Patch Management

Cyber Essentials Plus is a pre-requisite certification for supplying to some elements of UK Government, Defence and Healthcare.


It provides organisations with clear guidance on implementation as well as offering independent certification following the provision of a self-assessment questionnaire to a certifying body, supplemented with a vulnerability scan of the organisational perimeter.

Following a layered approach, the assessment additionally includes an onsite technical review of the build and maintenance of the organisation’s workstations and mobile devices, including checks on:

  • Patch levels of the Operating Systems
  • Patch levels of additional applications installed (Office, Adobe, Java, Firefox, Chrome etc.)
  • Up to date mobile Operating Systems
  • Up to date mobile applications
  • Lock screens enabled on mobile devices
  • Other configuration and account handling weaknesses associated with the build of the devices.

Additionally, the assessment covers how the organisation handles known malware (non-malicious in our test cases) originating from Internet downloads and emails.


Call us on 01242 652100 for an initial free consultation and scoping call. Alternatively, request a datasheet using the form below or email us at: contact@prisminfosec.com

University IT Security Health Check

Universities, as places of learning, depend on the ability to share data but need to do so without introducing undue risk to the data used by students or staff. A University IT Security Health Check (ITHC) will provide you with the assurance that your data is appropriately protected.

  • Identify publicly available data with an Open Source Intelligence exercise
  • Identify vulnerabilities between Campus and University Business Systems
  • Assess the risk of a phishing attack
  • Reduce IT risk and address vulnerabilities that could result in data loss

A recent test of UK university defences against cyber-attacks found that, in every case, hackers were able to obtain “high value” data within two hours (source: BBC News).

With more and more personal and sensitive data being held by Universities and Research Centres, these institutions are at an increased risk of attack or a breach. Phishing attacks are particularly prevalent, with phishing emails becoming more sophisticated and authentic-looking.

With many years of experience of evaluating security, penetration testing and conducting red teaming exercises for our clients, Prism Infosec is ideally placed to offer this short and competitively priced University IT Security Health Check.

The service is designed to be delivered in less than a week, with an initial Open Source Intelligence test to identify vulnerabilities in publicly available data:

  • OSINT Assessment
  • Assessment of Campus to University business unit Security (e.g. HR, Finance et al).
  • Architecture Review
  • Simulated Phishing exercise (Up to 300 accounts)
  • Full report with Executive Summary and remediation recommendations
  • Health Check debrief if required

University ITHC deliverables include a report highlighting the areas of IT risk identified, in priority order, together with pragmatic recommendations for reducing this risk.

A further optional on-site debrief of the key findings and recommendations can also be provided, if required, which can facilitate interactive discussion of key points with internal teams.

Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to set up an initial discussion.


Frequently Asked Questions

The IT Security Health Check will focus on other areas that may not necessarily be assessed during an Infrastructure or Web Application Pen Test. This service is a focussed test which simulates the approach that real hackers may take to compromise your systems.

For the OSINT Assessment, no details or preparation are required. This is essentially a “black box” engagement, where our Consultant will use a toolkit to attempt to find available data, just as a real hacker would. For the Internal Pen Test element, we may need a few details to enable a smooth and effective test. For the Phishing exercise, we just require the target email addresses, and potentially a relevant theme for the email content.

Yes, our consultants will work with you to determine areas to focus on. This may mean a separate engagement to the Health Check package.

The majority of the test can be conducted remotely; however, there may be some elements that will require a consultant to conduct testing onsite.

Managed Security Operations Centre (SOC), powered by Chorus

We have partnered with Chorus, a transformative Managed Security Service Provider (MSSP), providing an alternative to the traditional cyber security provider.

Advanced managed security services are delivered via the Chorus UK-based Cyber Security Operations Centre (CSOC) and powered by Microsoft’s cloud-native MXDR and SIEM/SOAR technologies, Microsoft 365 Defender and Microsoft Sentinel.

Cyber security attacks are increasing in frequency and sophistication, which is why cyber security is a key business priority. Today, organisations need to reduce the likelihood of an attack, proactively detect threats, and rapidly respond to reduce potential business impact. To achieve this, organisations need the right processes and technology in place with a team of highly skilled security experts; however, for many, this is uneconomical to build and maintain internally.

Cyber security is a key priority

  • Are you struggling to stay ahead of evolving threats?
  • Are you having difficulty managing security internally?
  • Is there a cyber security skills shortage?

Service Benefits

Modern and innovative CSOC

Our 24x7x365 CSOC makes best use of technical innovations and cutting-edge cloud security technologies to deliver an advanced service. It is underpinned by our team of highly skilled and experienced CSOC analysts, who protect your organisation around the clock.

Leading technical architecture

Built on Microsoft 365 Defender and Microsoft Sentinel, our CSOC architecture follows best practice and benefits from cutting-edge automation, machine learning, AI and integration to reduce alert noise, automate common tasks and accelerate threat detection and response times.

Proactive and preventative protection

We take our managed security services a step further by building in pre-emptive protection through advanced threat hunting and cyber threat intelligence to proactively block emerging and unknown threats before they occur.

Rapid threat detection and response

Through our skilled SecOps team, advanced technology and use of automation, we ensure cyber threats are quickly identified, investigated and remediated – reducing the likelihood and potential impact of successful attacks, to keep your organisation ahead of evolving threats.

Mature services

With over 20 years' experience delivering managed services, Chorus have a mature service delivery model to complement their technical skills. Through continual service improvement, service governance and reporting, they ensure optimal service delivery.

Risk reduction

With proactive threat detection, investigation, hunting and response, your organisation is better protected and cyber risk is greatly reduced. This helps you to reduce cyber insurance premiums, meet compliance regulations and benefit from peace of mind against increasingly costly attacks.

Lite versions of all three services are available that only cover alerts classified as Medium or High in Microsoft Sentinel.

Which level of service is right for you?

MICROSOFT-VERIFIED MXDR

Chorus are members of the Microsoft Intelligent Security Association (MISA) and our managed services have been awarded Microsoft-verified MXDR solution status, proving the calibre of our service and CSOC.