Cyber Assessments

Identifying potential weakness is the first step to building your defences

secure business

Protecting your business from the growing threat landscape

Understanding where weaknesses are, be they in your network, processes, procedures or other, is the first step to protect your business from the growing threat landscape.

Working with an independent partner, we can carry out a full cyber risk assessment resulting in a robust bespoke plan of action to remedy vulnerabilities and mitigate the risk to your business. 

There are a number of assessment options available, each with different areas of focus. We work with you to understand your objectives and determine the type of assessment needed to deliver on your goals.

Assessments include:

M365 Security Assessment

Cyber Assessment Framework

Maturity & Gap Analysis Assessment

Technical Assessment

Policy and Processes

Ransomware Attack
Simulation Service

Penetration Testing

Cyber Essentials Certification

M365 Security Assessment

M365 Security Assessment

M365 is a popular application for businesses, but a lesser-known fact is that Microsoft does not automatically apply the appropriate security settings on a tenancy, leaving tenancies and user accounts susceptible to compromise.

With our Cyber Security partner we can conduct a full assessment of your Microsoft 365 instance, resulting in a set of recommended actions to make sure all the necessary security controls are changed to keep your tenancy secure. 

Maturity & Gap Analysis Assessment

Maturity & Gap Analysis Assessment

A maturity & gap analysis assessment takes a thorough look at data security. Through a questionnaire coupled with an interview-based assessment we can identify gaps and focused areas of improvements, to ensure your business exercises reasonable governance over your data. 

Policy and Processes

Policy and Processes

With the actions of people and technology being instrumental in protecting data and securing an organisation, it is important policies and processes are well thought through and examined thoroughly on a regular basis to ensure they reflect changes in technology and changes in business structure, while also making sure they are aligned to NIST or ISO27001 or your chosen framework.

Following a high-level audit process a report is produced identifying both a “Maturity Level Rating” and a set of recommendations for improvements where they are required. We can also provide relevant experts to help with the implementation of some or all of the recommendations.  

Penetration Testing

Penetration Testing

Our Penetration testing service can identify security holes in a network or application that an attacker could target. The weaknesses uncovered by penetration testing are remediated to mitigate the risk. The penetration test itself uses the latest tools and methodologies of hackers to test applications; servers; routers; networks and the devices looking for an in, this is then exploited to see the depth at which the network can be penetrated with every vulnerability that is found being documented and recommendations on remedying the issues to mitigate risk.

Cyber Assessment Framework

Cyber Assessment Framework

NIST; ISO 27001, NCSC CAF (Cyber Assessment Framework)

At Koris365 we can offer assessments of cyber risks and controls against two of the most recognised frameworks NIST and ISO 27001, resulting in comprehensive guidance on your cyber security. We can also offer NCSC CAF for organisations responsible for vitally important services. 

Technical Assessment

Technical Assessment

Our Technical Assessments consist of an expert-led vulnerability scan of IT infrastructure with the objective of finding gaps and potential risks. Carrying out a scanning assessment can identify technical vulnerabilities and provide insight to mitigate the gaps identified.

A technical assessment is carried out through the collection of data from various sources available, utilising a scanning tool that scans IP addresses on the network, we are able to identify vulnerabilities such as out of date software and patches. 

The resulting report from the assessment will provide a map of all the endpoints on the network which can be referenced against the asset register, as such devices that have been unofficially added, and subsequently present a high risk to the network can be identified.

The Technical Assessment is perfect as a pre-Cyber Essentials Plus assessment, we would also recommend it to all businesses whether they are seeking to achieve Cyber Essentials certification or not, as a six-monthly assessment of vulnerabilities to mitigate the changing risk landscape.

Ransomware Attack Simulation Service

Ransomware Attack Simulation Service

Simulating a ransomware attack to identify vulnerabilities in IT infrastructure

Ransomware attacks have fast become the biggest cause of concern for businesses in the UK, impacting businesses of all sizes and types, they create chaos, exorbitant costs/ ransoms and often devastating reputational damage, all in a very small amount of time.

The best way to identify if you are vulnerable to a ransomware attack is to test, in a controlled way, if ransomware could potentially be deployed on your network. 

How it is done

Working with our cyber security partner – we test your IT protection and incident response by deploying a real-time benign ransomware attack under controlled conditions, with your team maintaining full visibility. The simulation will mimic an attack on your IT services and will provide a full demonstration of what would happen to your IT systems if the attack had been real.

The process ultimately provides a great opportunity to identify weaknesses and the corrective actions that are needed to keep you safe from real harm.

Cyber Essentials Certification

Cyber Essentials Certification

Cyber Essentials certification is a straightforward and effective scheme designed to protect companies against a host of common cyber attacks. This government-backed framework was developed as part of the National Cyber Security Strategy in the UK to counteract online threats.



Contact us

We would love to hear from you. To get in touch with our team of technical experts, please fill out this form or contact us by phone or emaill

Phone

0345 230 0365

Phone

0345 230 0365

Our social contact information