Assured Advisory
Cyber Resilience
Traditional cyber security programs focused on perimeter protection and vulnerability management are no longer sufficient to protect modern computer networks from sophisticated cyber threats. A defence in depth approach presumes your network will be breached, and puts robust resilience measures in place to protect the availability your organisation’s services and assets.
Business continuity:
Disruption to IT systems is unavoidable. But prolonged IT disruption can have a severe impact on your operations, and ultimately financial performance. Preparing contingency plans for unexpected IT system disruption is an essential aspect of robust cyber security, but you can’t protect everything all the time, and you can’t prioritise what to protect if you don’t have clarity on what matters to you most. Our comprehensive business continuity program has been designed on years of business continuity experience. We establish your minimum viable company (the bare minimum of services and data you need to function as a business) and assess the business continuity measures you have in place to protect the availability of these. Where business continuity measures fall short, we recommend improvements, implement changes, and expand the scope to include less essential services and data, to give you confidence that your business is resilient to even serious IT disruption.
IRP, playbooks, comms templates:
Creating genuinely useful incident response documentation is difficult. All too often we see incident response plans reach over 30 pages, which renders them useless in a crisis situation. Through running countless tabletop exercises, and supporting real cyber incidents, we have learned what sections of an incident response plan really add value to your response, and those you can omit or shift to an appendix. Major cyber incidents are chaotic, and incident-specific guidance is required to ensure that all response steps are thought through in a systematic manner. Communications during a breach is extremely challenging – requiring the right level of transparency and frequency. A clear communications plan, with pre-prepared templates can simplify and improve this process. We’ve developed the full set of incident response documentation for organisations across a broad range of industries and sectors, learning how to make each document more useful with each engagement.
Disaster recovery:
Mature cyber security programs understand that it is not possible to protect everything all of the time, and presumes at some point you will lose access to your critical data and systems. True resilience means planning, implementing, testing and subjecting your recovery measures to continuous review and improvement, and our consultants deliver programs to give you confidence that you can recover during even the worst case scenario outages.
Tabletop exercises:
When discovered, major cyber incidents pose too many challenges to think about at once. The cost of cyber breaches is increasing year on year, and many organisations report lacking confidence in their incident response processes and documentation. Proper preparation for cyber incidents means practising your response to them in a consequence-free environment to develop the skills, knowledge, and documentation necessary to successfully handle real incidents. We help our clients to do this by preparing, designing, and facilitating cyber incident tabletop exercises.