Our Services

Following the issue of the NIS Regulations, the NCSC have provided the Cyber Assessment Framework (CAF) as a resource for Operators of Essential Services (OES). The CAF Principles define indicators of good practice (IGPs) for each of the 39 Contributing Outcomes that comprise the 4 CAF Objectives.

Arcanum’s NCSC certified consultants have comprehensive knowledge and experience in supporting CNI and other OES with CAF assessments.

For more information check out the CAF page

IEC 62443 framework, formerly known as ISA 99, is the new global standard for the security of Industrial Control System (ICS) networks and helps organizations to reduce both the risk of failure and exposure of ICS networks to cyberthreats.

For more information check out the IEC 62443 Assessments page 

Our 360 degree security service looks at everything from your physical boundaries, through your processes and procedures to the technical security of your IT systems.  We work with you to identify and understand the main threats to your business and develop appropriate strategies to counter them.  We can:

• Evaluate a single location, a particular part of your business, or the entire organisation
• Analyse potential risks associated with new sites or business expansion
• Identify weaknesses in your current security systems or procedures
• Conduct IT Health Checks 
• Carry Out Penetration Testing
• Deliver Business Continuity and Disaster Recovery Planning
• Provide a report listing a detailed set of recommendations

The Business Continuity Plan (BCP) is an essential part of any organisation’s response planning.  It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards.  The plan itself sets out the agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions.

Cyber Essentials focuses on five essential mitigations within the context of the ‘10 Steps to Cyber Security’. It provides organisations with guidance on implementation as well as offering independent certification for those who need it. The large majority of internet based threats would have been mitigated by full implementation of the controls under the five essential mitigations:

• Access control
• Secure configuration
• Software updates
• Malware protection
• Firewalls and routers

For more information visit the Cyber Essentials page 

Cyber Essentials Plus involves a technical audit of your network and computers. It will require a visit to your site and the Assessor will test a random sample of your systems to provide a higher level of assurance that you are complying with the Cyber Essentials Scheme.

For more information visit the Cyber Essentials page 

Digital Forensics is the process of uncovering and interpreting electronic data for use in a court of law.  The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events.  It is a branch of forensic science encompassing the recovery and investigation of material found in digital devices.

For more information visit the Digital Forensics page 

Forensic Readiness Planning is the set of common-sense tasks and procedures that can be put in place before an incident occurs to ensure that an organisation is best placed to deal with the demands placed upon it when an incident involving computer data happens.  This can be the result of a rogue employee who is copying customer databases, designs, trade secrets and other intellectual property or it may possibly be an external attack from the likes of ‘anonymous’ who have decided the organisation is deserving of its attention.

The GDPR Gap Analysis service provides a step by step assessment of your organisation’s current level of compliance with the Regulations, and helps identify and prioritise the key areas that your organisation must address including:

• GDPR project resourcing
• Data protection governance
• Data protection officer
• Roles and responsibilities
• Personal data processes
• Scope of compliance
• Risk management
• Personal information management system
• Information security management system

For more information check out the GDPR Compliance page 

Information Assurance Policies ensure that your staff has clear guidelines to follow.  They will also detail the responsibilities of those personnel who have a key role within Information Security.  The organisation will be in a position to demonstrate that reasonable steps have been taken to ensure that your legal obligations and duty of care requirements have been addressed.

 

ISO/IEC 27001 is an internationally recognised best practice framework for an information security management system (ISMS). It can help small, medium and large businesses in any sector keep information assets secure.

Arcanum’s experienced ISO 27001 Lead Auditors are ideally placed to support your business to achieve ISO 27001.

For more information check out the ISO 27001 page

 

An IT Health Check is a combination of manual and automated techniques to ensure the correct implementation of security functionality and to identify vulnerabilities in IT systems and networks which may compromise confidentiality, integrity or availability of information on the system or network.

A security audit is a systematic evaluation of the security of a company’s management information system by measuring how well it conforms to a set of established criteria.  A thorough audit typically assesses the security of the system’s physical configuration and environment, software, information handling processes, and user practices.  Security audits are often used to determine regulatory compliance.

A Penetration Test (PenTest) is the managed and authorised process of attempting to gain technical access to your resources without the knowledge of usernames, passwords and other normal means of access by exploiting security weaknesses. They are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture.

Our surveys are adapted for each of our customers to meet their individual requirements whether for the whole organisation or a part of it. The aim is to determine if the physical and personnel security measures policies and procedures are adequate to counter the risks that business assets are exposed to. Recommendations are made on how security measures can be improved.

We provide a range of secure architecture services for bespoke systems or integration with legacy networks. Our security architects will provide advice with the initial the security requirements early in the project lifecycle through to producing the security architectural design offering advice thorough the network build and installation.

Security Accreditation is the formal assessment of an information asset against the criteria set by the accrediting authority. Our security cleared subject matter experts have many years’ experience guiding customers through the security accreditation process. They have achieved accreditation for numerous networks, bespoke and unique projects. Over the years they have established a good working relationship with Pan Government and MoD Accreditors.

Computer security incident management involves the monitoring and detection of security events and the timely and correct execution of responses to those events.  Our security subject matter experts are experienced in responding to and managing security incidents. They advise our clients of the corrective controls required, how to recognise and respond to events and incidents; how to minimise impacts and if required, to do so, how to gather forensic evidence.

Our security subject matter experts have carried out risk assessment for many of our clients in the public and private sectors. They are highly experienced in identifying and assessing the risks to critical assets; recommending the appropriate technical controls and procedural mitigation measures and delivering advice for the long term management of residual risk.

We have been working with our clients to develop user and system security requirements. Identifying and capturing the security requirements in the early phase of a project is essential to ensure successfully integration within its lifecycle.  Our security subject matter experts are experienced at writing and reviewing system security requirements for small and larger networks and novel and contentious IT assets.