Information Security

Information is your organisation’s greatest asset and must be safeguarded. Failure to do so can result in minor inconvenience, embarrassment or company failure. The UK government’s cyber security strategy states that they want to make the UK the safest place to do business. To achieve this all organisations, large or small, in the public, private, charitable or fourth sectors, must ensure they have taken appropriate measures to safeguard their valuable information. We can help you identify your risks and the best practice controls to address them.

ISO/IEC27001 is the international best practice standard for information security and the UK government is encouraging organisations to seek certification against this standard in order to ensure that the whole supply chain is protected appropriately.   We can help to prepare you for certification or check your current practice prior to a formal certification visit by an authorised organisation.

IASME – Information Security for Small and Medium Enterprises – is a relative newcomer to the security world. The certification ranges from a straightforward self-assessment through to the Gold level assessment where an independent assessor has checked the secure operation of the organisation. This certification may attract significantly reduced-price cyber insurance as well as helping to deal with the seemingly inevitable issues that arise from being connected to the internet.

Cyber Essentials and Cyber Essentials Plus – This is a scheme devised and sponsored by DCMS which provides organisations with a straightforward way to have their basic cyber security checked and validated. Ensuring that all the controls are in place, operating effectively and being optimised at level 3 maturity, provides a high chance (~80%) that any straightforward attack will not have any significant impact. For information about how to become certified, or about becoming a certification body, click here: Cyber essentials

We have certifications from CESG (GCHQ), the UK government’s National Technical Authority for Information Security, which ensure that the information and advice provided is accurate and up-to-date. We can help with advice and gap analysis to see what your organisation might need to do to meet the best-practice requirements, including looking at technical IT security measures, business continuity planning, system contingency plans and disaster recovery plans. We would also review the appropriate use of physical, procedural and technical controls. The next fire, flood, strike or virus attack could seriously affect your staff, cash-flow, buildings or reputation. Indeed it might even be your neighbour’s problem that spills over into your work environment and causes you issues. Some of the biggest companies have failed as a result of not being properly prepared—let Aquila help you to ensure that you are.

Aquila is also able to offer assessments using APMG’s Cyber Defence Capability Assessment Tool (CDCAT®). This tool, developed by the MoD and Dstl, is a quick way of ensuring the existing controls protecting your organisation are working at the appropriate level of maturity to provide you with the protection you want and need. Assessments take less than half a day for any system and produce a comprehensive report that identifies those controls which are not performing at the necessary level of maturity and helps to develop the strategy to deal with the vulnerabilities discovered. The report has sections designed explicitly to address the concerns of senior managers as well as technical solutions and best practice advice. It has all the major security frameworks mapped into it and so can also produce a report against your preferred standard, be it ISO27001, Cyber Essentials or something else.