Our cyber security services include risk management, incident recovery planning, security assessment and penetration testing. Read below or contact us for more details.
Cyber essentials
The UK Government scheme is designed to protect organisations against 80% of the most common cyber-attacks, which can impact businesses of all sizes, industries, and sectors.
The five controls within the Cyber Essentials scheme are designed to protect your organisation against these types of cyber-attacks and guard your internet connection, devices, data and services.
We are a certified IASME Gold Cyber Essentials Auditor offering two levels of certification:
Basic Level Cyber Essentials certification is self-assessment and provides a basic level of assurance that the controls have been implemented correctly by the organisation.
Cyber Essentials Plus covers the same requirements but in addition includes an on-site audit and therefore provides the independent assurance of the effectiveness of these controls.
Cyber incident recovery planning
An ever-increasing number of cyber-attacks are being carried out year on year, and nearly half (43%) of all cyber-attacks are now targeting organisations with 250 employees or fewer, which means the likelihood of being the victim of a cyber-attack is higher than ever. And while it is essential to take steps to prevent cyber-attacks, it is abundantly clear that it can still happen to you regardless.
Our approach begins with a cyber risk assessment to identify the areas where you are most exposed to a cyber-attack. This helps determine the types of incidents that can potentially occur and provides a baseline for establishing cyber disaster scenarios on which to base your cyber disaster recovery plan.
We work collaboratively with your organisation to develop practical recovery plans that meet your specific recovery criteria, focusing on breach containment and recovery to normal operations.
MS365 security assessment
With the ever-increasing popularity of cloud-based computing, there is a notable rise in security incidents involving Microsoft 365 and the associated services. Microsoft 365 is targeted disproportionately by criminals and cyber-attackers due to its relative popularity and the wealth of company data hosted on the platform.
Compromising Microsoft 365 tenants, predominantly via phishing or other social engineering attacks, allows attackers to remotely access sensitive data in the cloud without penetrating the corporate perimeter.
Our Microsoft 365 Security Assessment reviews your configuration and internal procedures to ensure your organisation implements best security practices on your Microsoft 365 tenancy.
Cyber risk management
Our economy, society and individual lives have become transformed by digital technologies. They have enabled improvements in science, logistics, finance, communications and a whole range of other essential activities.
Consequently, we have become reliant on digital technologies, which exposes our organisations to potential data breaches and hacking.
Our cyber team can help your organisation mitigate risk by helping you:
- Identify the cyber risk
- Assess the impact on the business
- Understand incident level
- Review risk treatment options
- Create an organisational strategy
- Carry out a technical overview
- Review systems and practices
- Identify internal vulnerabilities
- Review policies and procedures
Penetration testing
High-profile security breaches continue to dominate the media headlines. Breaches are growing in number and complexity while malicious hackers actively develop new and more sophisticated forms of attack every day. Having anti-virus software and a firewall, and assuming that your business is secure, is no longer enough.
Modern businesses require an advanced approach to security and due diligence, and this includes the need to test their resilience in the face of cybersecurity threats.
We offer a range of penetration testing services to help you avoid costly security breaches that put your organisation’s reputation and customers’ loyalty at stake by finding security vulnerabilities before an attacker does.
Our services include:
- Web and mobile application testing
- Internal and onsite testing
- Infrastructure vulnerability testing
- Phishing simulations
Virtual Chief Information Security Officer (vCISO)
Chief Information Security Officers (CISOs) perform an essential role within many organisations, creating and ensuring delivery of security strategies that deal with increasing regulatory demands and emerging, ever-evolving cyber threats. It is a senior-level role and brings the CISO into contact with C-suite executives, as part of the leadership team within the organisation.
Mid-sized organisations often require a range of resources that extend beyond the standard CISO remit, with additional technical, communicative, administrative, compliance and project management needs – required to support and facilitate a strong and ever-evolving information security framework.
Moore ClearComm’s virtual CISO (vCISO) service delivers a comprehensive, outsourced platform with the experience, technical acumen, structure and range of resources your organisation requires in order to build and maintain an effective information / cyber security program. vCISO offers a cost-effective alternative to employing a CISO full-time and provides a robust, wide ranging security service package.
vCISO supports your senior leadership, privacy, security and technology teams to ensure your information assets are safeguarded – while ensuring business operations are underpinned with a range of information governance expertise. The result is reduced business risk, a clear commitment to data security and an enhanced security posture, reassuring your clients, stakeholders and supply chain.
SOC2 implementation and auditing
SOC 2 compliance is a component of the American Institute of Chartered Public Accountants (AICPA)’s Service Organization Control suite of services. Its goal is to make sure that service providers’ systems are set up so that they assure security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 compliance is a minimum requirement for many US-based listed companies when considering a third-party service provider, particularly for providers of cloud-based applications.
Through our background in SOC 2, IT and security auditing, our consultants understand the level of rigour required for a service provider to prepare for and pass SOC 2 Type 1 and Type 2 audits.
IASME governance certification
The IASME Governance certification was developed to create a cyber security standard that would be an affordable and achievable alternative to the international standard, ISO27001.
The IASME Governance standard allows small companies in a supply chain to demonstrate their level of cyber security for a realistic cost. It indicates that they are taking relative steps to protect their customers’ information correctly.
The IASME Governance assessment includes a Cyber Essentials assessment. The evaluation also includes an optional assessment against the GDPR requirements.
ISO27001
ISO27001 (ISO/IEC27001:2013) is the internationally accepted management system standard for Information Security. The standard is well recognised worldwide, ranking as one of the most popular global information security standards. An ISO 27001 certification demonstrates that an organisation can protect its data systems and information assets, keeping them safe and secure.
Our implementation approach is shaped by pragmatism and years of experience in information security – we focus on what is required to manage information security well within your organisation, with ISO 27001 certification.
ISO27701 privacy information
ISO 27701 is a privacy extension to ISO 27001 and is specifically designed to help protect and control the personal data you process. The Privacy Information System (PIMS) is used to demonstrate compliance with relevant global privacy regulations.
A Privacy Information System in conjunction with ISO 27001 is a practical management tool to help you stay on top of privacy within your organisation.