Cyber Assessments
Identifying potential weakness is the first step to building your defences
secure business
Protecting your business from the growing threat landscape
Understanding where weaknesses are, be they in your network, processes, procedures or other, is the first step to protect your business from the growing threat landscape.
Working with an independent partner, we can carry out a full cyber risk assessment resulting in a robust bespoke plan of action to remedy vulnerabilities and mitigate the risk to your business.
There are a number of assessment options available, each with different areas of focus. We work with you to understand your objectives and determine the type of assessment needed to deliver on your goals.
Assessments include:
M365 Security Assessment
Cyber Assessment Framework
Maturity & Gap Analysis Assessment
Technical Assessment
Policy and Processes
Ransomware Attack
Simulation Service
Penetration Testing
Cyber Essentials Certification
M365 Security Assessment
M365 is a popular application for businesses, but a lesser-known fact is that Microsoft does not automatically apply the appropriate security settings on a tenancy, leaving tenancies and user accounts susceptible to compromise.
With our Cyber Security partner we can conduct a full assessment of your Microsoft 365 instance, resulting in a set of recommended actions to make sure all the necessary security controls are changed to keep your tenancy secure.
Maturity & Gap Analysis Assessment
A maturity & gap analysis assessment takes a thorough look at data security. Through a questionnaire coupled with an interview-based assessment we can identify gaps and focused areas of improvements, to ensure your business exercises reasonable governance over your data.
Policy and Processes
With the actions of people and technology being instrumental in protecting data and securing an organisation, it is important policies and processes are well thought through and examined thoroughly on a regular basis to ensure they reflect changes in technology and changes in business structure, while also making sure they are aligned to NIST or ISO27001 or your chosen framework.
Following a high-level audit process a report is produced identifying both a “Maturity Level Rating” and a set of recommendations for improvements where they are required. We can also provide relevant experts to help with the implementation of some or all of the recommendations.
Penetration Testing
Our Penetration testing service can identify security holes in a network or application that an attacker could target. The weaknesses uncovered by penetration testing are remediated to mitigate the risk. The penetration test itself uses the latest tools and methodologies of hackers to test applications; servers; routers; networks and the devices looking for an in, this is then exploited to see the depth at which the network can be penetrated with every vulnerability that is found being documented and recommendations on remedying the issues to mitigate risk.
Cyber Assessment Framework
NIST; ISO 27001, NCSC CAF (Cyber Assessment Framework)
At Koris365 we can offer assessments of cyber risks and controls against two of the most recognised frameworks NIST and ISO 27001, resulting in comprehensive guidance on your cyber security. We can also offer NCSC CAF for organisations responsible for vitally important services.
Technical Assessment
Our Technical Assessments consist of an expert-led vulnerability scan of IT infrastructure with the objective of finding gaps and potential risks. Carrying out a scanning assessment can identify technical vulnerabilities and provide insight to mitigate the gaps identified.
A technical assessment is carried out through the collection of data from various sources available, utilising a scanning tool that scans IP addresses on the network, we are able to identify vulnerabilities such as out of date software and patches.
The resulting report from the assessment will provide a map of all the endpoints on the network which can be referenced against the asset register, as such devices that have been unofficially added, and subsequently present a high risk to the network can be identified.
The Technical Assessment is perfect as a pre-Cyber Essentials Plus assessment, we would also recommend it to all businesses whether they are seeking to achieve Cyber Essentials certification or not, as a six-monthly assessment of vulnerabilities to mitigate the changing risk landscape.
Ransomware Attack Simulation Service
Simulating a ransomware attack to identify vulnerabilities in IT infrastructure
Ransomware attacks have fast become the biggest cause of concern for businesses in the UK, impacting businesses of all sizes and types, they create chaos, exorbitant costs/ ransoms and often devastating reputational damage, all in a very small amount of time.
The best way to identify if you are vulnerable to a ransomware attack is to test, in a controlled way, if ransomware could potentially be deployed on your network.
How it is done
Working with our cyber security partner – we test your IT protection and incident response by deploying a real-time benign ransomware attack under controlled conditions, with your team maintaining full visibility. The simulation will mimic an attack on your IT services and will provide a full demonstration of what would happen to your IT systems if the attack had been real.
The process ultimately provides a great opportunity to identify weaknesses and the corrective actions that are needed to keep you safe from real harm.
Cyber Essentials Certification
Cyber Essentials certification is a straightforward and effective scheme designed to protect companies against a host of common cyber attacks. This government-backed framework was developed as part of the National Cyber Security Strategy in the UK to counteract online threats.
Contact us
We would love to hear from you. To get in touch with our team of technical experts, please fill out this form or contact us by phone or emaill