Robust but pragmatic approach to cyber consultancy

Client: Corporate organisation

The Challenge:

CCL was engaged by the client to perform a review of their Cyber Security.

Overcoming the Challenge:

CCL used the engagement model 'OCTAVE' (Operationally Critical Threat, Asset, and Vulnerability Evaluation), a security framework for determining risk level and planning defences against cyber assaults, involving a review of the organisation's processes, people and technology. This framework helps organisations minimise exposure to likely threats, determine the likely consequences of an attack and deal with attacks that succeed.

CCL conducted structured one-to-one interviews with a cross-section of staff and ran a series of workshops with the IT team to construct profiles of the threats the organisation faced, based on the relative risks posed. An initial report was then produced, including a SWOT analysis, and a high-level ‘Statement of Cyber & Information Governance Requirements’ was created, including a gap analysis between current status and good practice.

The Result:

The report was used to engage with senior management to develop a series of recommendations, and an action plan to address the issues identified. In developing the action plan, CCL and the client took account of the severity of each threat, the likelihood of occurrence and the impact. The action plan also reflected the cost of remediation and budgetary constraints, the ease with which the organisation could complete the changes, as well as staff availability and skills to implement the changes.