Do you have a Secure Foundation?
There is no single definition of what an appropriate level of security looks like. It depends on a range of factors.
It is useful to imagine this as a ladder (what I call the ‘cyber ladder’), which you should climb step-by-step.
The top step may be unclear
The top step in the ladder for your business will be different to that of a large corporation and will be influenced by many factors, including:
- Common practice across your industry peers
- The expectations (both current and emerging) of your clients and business partners
- The expectations (both current and emerging) of your regulators (e.g. CBoI; Data Protection Commission)
- The expectations of your C-suite, owner(s), and/or board members.
- The organisation’s risk attitude / appetite
- The organisation’s capabilities / constraints
The first step is always the same
While the top step may be unclear to you right now, the first step is usually the same for every business.
There are constant media reports about new types of threats and attacks, and new technology solutions to defend against these.
However, for most organisations most of the time, it’s the same subset of ‘old’ threats that pose the biggest risk.
Most attacks are not sophisticated, and most incidents occur because the organisation lacked some basic security measures.
This is why I recommend that you focus on this first step in the ladder: Ensuring you gave a strong security foundation that will reduce the likelihood and impact of the most common cyber attacks (e.g. phishing; payment fraud; ransomware).
To assist you with this initial focus, I provide two assessment services.
Secure Foundation Assessment (Workshop Edition)
What:
- Workshop-based security assessment focused on the common criminal pathways and targets: Humans, email system (e.g. Microsoft 365), and Devices.
How:
- The assessment is based around my structured questionnaire, which probes into the key elements of a secure foundation.
- I will walk through this questionnaire with you, during 2 x 60-minute workshops.
- The information that emerges from these workshops will identify the key actions required to improve your secure foundation.
Deliverables:
- A short recommendations report, written in Plain English, summarising:
- The key actions discussed during the workshops.
- The benefit and likely cost of each action.
- The relative priority of each action.
- A 30-minute walkthrough (via MS Teams or Zoom) of the recommendations report, so we can address any questions or comments you have.
Additional Benefits:
- Check-In / Review Workshop: 3 months after completion of the assessment, we will meet for 30 minutes (via MS Teams or Zoom) to review progress and identify ways to sustain / regain momentum.
When: 2-4 week duration
- The workshops can usually be scheduled within 1-2 weeks of commencement.
- After completion of the final workshop, the report will be issued and the walkthrough will be completed within 1-2 weeks.
Cost:
- €950 + VAT
Secure Foundation Assessment (Audit Edition)
What:
- Everything in the Workshop Edition, plus
- A more in-depth and independent security assessment of your systems, policies, and processes.
How:
- The assessment is driven by a set of questionnaires, checklists, and frameworks, which I have developed to evaluate the current security defences of an organisation.
- Alongside the 2 x 60-minute workshops, it will also include independent assessments, such as:
- A review of any findings / reports from any previous security assessments / tests
- A review of your current risk register and/or risk controls.
- A review of any policies or procedure documents used within the organisation (e.g. Staff policy; Acceptable Use policy)
- A review of the organisation’s email (e.g. Microsoft 365) environment.
- A review of the security configuration of one of the organisation’s desktop PCs or laptops.
Deliverables:
- A clear and detailed recommendations report, written in Plain English, that will show you how to ensure your most important data and systems are protected with an appropriate cybersecurity foundation.
- A short executive summary of the recommendations, delivered as a separate PDF file. This could be useful when communicating the key recommendations to internal stakeholders.
- An Excel-based project checklist, which will list each recommended action and include a cross-reference back to the detailed recommendations report. This can be used to guide and track your implementation of the recommendations.
- A 90-minute walkthrough (via MS Teams or Zoom) of the recommendations report, so we can address any questions or comments you have.
Additional Benefits:
- Check-In / Review Workshop: 3 months after completion of the assessment, we will meet for 90 minutes (via MS Teams or Zoom) to review progress and identify ways to sustain / regain momentum.
- Self-Attestation Certificate: I will provide a Self-Attestation Certificate which you can complete when all recommended actions have been implemented. This will attest to the steps you have taken to implement a secure foundation and can be shared with external stakeholders (e.g. cyber insurance providers; business partners; regulators).
- Regulatory assistance for 12 months: I will help you to respond to any regulatory questionnaire / query that you receive within 12 months of the commencement of the engagement (where the questionnaire / query relates to the scope of my work).
When: 6-9 week duration
- The first workshop can usually be scheduled within 1-2 weeks.
- The assessments can usually be completed within 4-5 weeks, with one 45-minute workshop / review meeting each week.
- The final deliverables and walkthrough will be completed within 1-2 weeks.
Cost:
- From €3,950 + VAT, depending on the specifics of your organisation.
Optional Add-On: Ongoing Support
- You may benefit from my ongoing support while you implement the recommended actions.
- This provides near-immediate access to my knowledge & experience, so unexpected issues or challenges can be discussed and addressed.
- From €495 pm + VAT
Primary Benefits
- Clarity about Where You Are – You will know where your security gaps are.
- Clarity about Where You Need To Be – You will be certain about what a secure foundation looks like for your organisation.
- Clarity about Your Route – You will know how to address the gaps in your security foundation so you can significantly reduce the likelihood and (financial, operational, reputational) impact of a cyber attack .
- Clear Knowledge – Our interactions during this engagement will give you more confidence about what ‘reasonable security’ looks like for your firm.
- Strong Foundation – Your secure foundation will also prepare the ground to align your cybersecurity measures to the specific expectations of regulators if or when you choose to do so (e.g. aligning to CBoI’s guidance of 2016; complying with the DORA regulation that comes into effect in January 2025).
Payment Terms & Guarantee:
- Full payment is due in advance.
- If you are not completely satisfied with the outcome, and we are unable to agree a way to address this dissatisfaction within 30 days of your issue being raised, you will receive a full refund.
To discuss whether these services could be a good fit for you, schedule a quick call.