Cyber Assessments

A maturity & gap analysis assessment takes a thorough look at data security. Through a questionnaire coupled with an interview-based assessment we can identify gaps and focused areas of improvements, to ensure your business exercises reasonable governance over your data. 

With the actions of people and technology being instrumental in protecting data and securing an organisation, it is important policies and processes are well thought through and examined thoroughly on a regular basis to ensure they reflect changes in technology and changes in business structure, while also making sure they are aligned to NIST or ISO27001 or your chosen framework.

Following a high-level audit process a report is produced identifying both a “Maturity Level Rating” and a set of recommendations for improvements where they are required. We can also provide relevant experts to help with the implementation of some or all of the recommendations.  

Our Penetration testing service can identify security holes in a network or application that an attacker could target. The weaknesses uncovered by penetration testing are remediated to mitigate the risk. The penetration test itself uses the latest tools and methodologies of hackers to test applications; servers; routers; networks and the devices looking for an in, this is then exploited to see the depth at which the network can be penetrated with every vulnerability that is found being documented and recommendations on remedying the issues to mitigate risk.

NIST; ISO 27001, NCSC CAF (Cyber Assessment Framework)

At Koris365 we can offer assessments of cyber risks and controls against two of the most recognised frameworks NIST and ISO 27001, resulting in comprehensive guidance on your cyber security. We can also offer NCSC CAF for organisations responsible for vitally important services. 

Our Technical Assessments consist of an expert-led vulnerability scan of IT infrastructure with the objective of finding gaps and potential risks. Carrying out a scanning assessment can identify technical vulnerabilities and provide insight to mitigate the gaps identified.

A technical assessment is carried out through the collection of data from various sources available, utilising a scanning tool that scans IP addresses on the network, we are able to identify vulnerabilities such as out of date software and patches. 

The resulting report from the assessment will provide a map of all the endpoints on the network which can be referenced against the asset register, as such devices that have been unofficially added, and subsequently present a high risk to the network can be identified.

The Technical Assessment is perfect as a pre-Cyber Essentials Plus assessment, we would also recommend it to all businesses whether they are seeking to achieve Cyber Essentials certification or not, as a six-monthly assessment of vulnerabilities to mitigate the changing risk landscape.

Simulating a ransomware attack to identify vulnerabilities in IT infrastructure

Ransomware attacks have fast become the biggest cause of concern for businesses in the UK, impacting businesses of all sizes and types, they create chaos, exorbitant costs/ ransoms and often devastating reputational damage, all in a very small amount of time.

The best way to identify if you are vulnerable to a ransomware attack is to test, in a controlled way, if ransomware could potentially be deployed on your network. 

How it is done

Working with our cyber security partner – we test your IT protection and incident response by deploying a real-time benign ransomware attack under controlled conditions, with your team maintaining full visibility. The simulation will mimic an attack on your IT services and will provide a full demonstration of what would happen to your IT systems if the attack had been real.

The process ultimately provides a great opportunity to identify weaknesses and the corrective actions that are needed to keep you safe from real harm.

Cyber Essentials certification is a straightforward and effective scheme designed to protect companies against a host of common cyber attacks. This government-backed framework was developed as part of the National Cyber Security Strategy in the UK to counteract online threats.