Cybersecurity
Our cybersecurity service helps your business to safeguard the cyber environment including ecommerce, digital services, websites and online, web applications and Internet of Things (IoT) from attackers seeking to disrupt, delay, alter, steal or redirect the flow of data.
We combine a deep knowledge and understanding of software engineering, cloud and IT with decades of experience in cybersecurity to create a formidable body of knowledge together with security frameworks that our consultants use to ensure your business operations are kept safe from professional cyber criminals. We strive to attain and maintain the security properties of your business including confidentiality, integrity, availability, authenticity and non-repudiation.
Our consultants have experience of cybersecurity across a broad range of industries including financial services, utilities, retail and ecommerce, supply chain, manufacturing and the public sector and government. Our cybersecurity team has delivered high security services up to Her Majesty’s Government (HMG) to protective marking level Top Secret.
Why Would You Need This Service?
Ensuring your cybersecurity is comprehensive, cohesive and aligned is an important and vital step. Making informed risk decisions involves risk-decision fidelity and steps to determine risk acceptance. It is both a driver and enabler of secure, safe, resilient, and reliable behaviour, as well as for addressing risk areas throughout the enterprise.
There are many reasons why your business would consider using this service including all or some of the following:
- To understand your current cybersecurity maturity level so that it can be improved;
- To identify and assess enterprise cybersecurity threats including denial of service (DoS) and distributed denial of service (DDoS), directory name service poisoning, address and identity spoofing, ransomware, software focused vulnerability and penetration testing, metasploit / ethical hacking, code review, identity and access management flaws, zero day attacks, cybercrime risk identification, financial fraud, man in the middle attacks;
- To assess and review your cybersecurity posture, controls and defences against attack across the enterprise and understand residual risks and how these can be mitigated;
- To develop cohesive cybersecurity patterns and security architecture including cloud, IdAM, mobile, DevOps, DevSecOps, SDLC, data, infrastructure, networks and applications;
- To create a prioritised cybersecurity improvements roadmap.
How We Deliver This Service
Cybersecurity can be carried out as part of a broader enterprise architecture capability development engagement including developing baseline and target architectures for business, data, application and technology. Cybersecurity utilises a subset of our enterprise security architecture and design service to provide a solid focus on security architecture for cybersecurity.
Phase 1 – Assess & Structure
- Stakeholder interviews & information gathering;
- Business and security drivers;
- Security principles;
- Cybersecurity governance
Phase 2 – Cybersecurity Architecture Definition
- Cybersecurity risk assessment, risk management & oversight;
- Cybersecurity threat intelligence and collaboration;
- Cybersecurity controls;
- External dependencies;
- Cybersecurity metasploit ethical hacking compute/networks/infrastructure – Nessus;
- DNS and DNSSEC, primary and secondary authoritative names server;
- Cybersecurity metasploit ethical hacking applications;
- Identity and access management assessment;
- Software development OWASP assessment;
- Baselining infrastructure, applications and software development;
- Security valuations;
- Security postures;
- Security domains;
- Security services.
Phase 3 – Cybersecurity Transition Planning
- Cyber incident management and resilience;
- Cybersecurity roadmap;
- Cybersecurity operations, processes and policies;
- Cybersecurity architecture document.
Deliverables
This Cybersecurity service is completed in three phases, over a three to six-month period. Stakeholder involvement throughout is essential.
EAL can deliver the service directly to the CEO, CIO or executive board; or, we can work in partnership with your internal functions or a trusted consultancy.
Phases of service delivery:
This Cybersecurity service is delivered in one (or more) iteration(s). Subsequent iterations may be performed depending on scope and context selected.
Each iteration consists of 3 phases:
- 1 – Assessment and Structure
- Information gathering;
- Stakeholder concerns;
- Drivers (business and security);
- Cybersecurity governance.
- 2 – Cybersecurity Architecture Definition
- Cybersecurity risk assessment;
- Cybersecurity threat modelling/intelligence;
- Cybersecurity controls;
- Cybersecurity vulnerability score;
- Cybersecurity posture.
- 3 – Cybersecurity Planning
- Cybersecurity management;
- Cybersecurity roadmap;
- Cybersecurity operations and processes;
- Cybersecurity vulnerability score;
- Cybersecurity execution document.
Typical Outcomes
Typical cybersecurity consulting outcomes are:
- Achieving and being able to maintain a state of coherence and managed risk;
- Establishing, attaining and maintaining the security properties of your business including confidentiality, integrity, availability, authenticity and non-repudiation;
- Attaining secure, safe, resilient, and reliable cybersecurity behaviour, as well as for addressing risk areas throughout the enterprise;
- Alignment of business goals and objectives with cybersecurity posture, risk management and governance.
Case Studies
Authenticate to download the PDF.
Contact Us to Get Started
We will come back to you to discuss your situation as soon as possible
