Context are accredited by a number of these schemes to provide the services to ensure your organisation meets the necessary standards.
Cyber Essentials & Cyber Essentials Plus
The UK Government's Cyber Essentials scheme is designed to make the UK a safer place to conduct business online. The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against internet-borne threats.
The scheme consists of 5 baseline controls that businesses should have in place as their presence reduces the risk of data breaches from internet based attacks.
These five controls are:
- Boundary Firewalls
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Being certified for Cyber Essentials is now mandated for businesses that require access to UK Government information.
The Cyber Essentials scheme has two parts:
- Cyber Essentials - A first stage that conducts an external vulnerability scan accompanied with a questionnaire, which ensures that internal processes are in place to ensure that best practice is in use. Once this stage has been passed a company is certified as passing Cyber Essentials.
- Cyber Essentials Plus - The second stage is the Cyber Essentials Plus certification. This encompasses a detailed assessment of your infrastructure, with detailed examination of the technologies and servers in use within the company. Once a company had demonstrated that they have created a secure environment they will gain the Cyber Essentials Plus Badge.
Context is certified to provide both assessments for UK businesses.
By offering the Cyber Essentials Plus services Context can ensure that companies undergoing the program have a smooth journey toward certification. It is our goal to encourage all our customers to undergo this program and reach Cyber Essentials Plus certification. This assessment offers a higher level of assurance than the foundation Cyber Essentials assessment alone as it entails both an onsite and remote verification that controls have been met, and is an important step toward establishing world-class information security practices that meet business needs.
Businesses that satisfy the verification requirement will be issued a certificate demonstrating they meet the criteria. The certificate is valid for a maximum of a year. Re-certification may be required in the event there are changes to the environment.
As a CREST founder company, Context was consulted and provided input at the formulation stages of the scheme and continues to do so as the scheme matures.
Further detail of the Cyber Essentials scheme, are available here.
CREST STAR Assessments
Simulated Target Attack and Response (STAR) services represent a platform for financial services and critical national infrastructure businesses to share threat and intelligence systems. The assessments or tests are primarily threat intelligence-led penetration tests and are considered to be the most realistic form of assurance service within the sector.
The test takes threat intelligence information to deliver highly targeted attacks against an organisation to simulate sophisticated threat actors, our consultants then deliver realistic attack simulations. These simulations provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attacks.
Context has been performing simulated targeted attack and response engagements for global clients for several years. Using real-world data about attackers from our Response team, we perform focused and realistic exercises that map to sophisticated attacks.
STAR assessments allow Context to identify weaknesses that go beyond the technical vulnerabilities typically found in a penetration test, and to assess an organisation's overall capability to prevent, detect, and respond to a compromise.
NCSC CHECK IT Health Check
A NCSC CHECK IT Health Check (ITHC) identifies vulnerabilities in HMG IT systems and networks to assure the confidentiality, integrity or availability of information held on that IT system. Using certified testers who are regularly assessed to validate their penetration testing knowledge and capability, an ITHC is as much about risk assessment as it is penetration testing, and assesses the security posture of the environment as well as the data stored within.
Context has one of the UK’s largest pools of CESG CHECK certified penetration testers.
With GDPR coming into effect in early 2018, our team can also advise on all aspects of GDPR compliance, from data management and classification, to key control maturity assessments, creating a complete transformation roadmap tailored to your organisation.