We provide an impressive breadth and depth of security capabilities. The complementary skill sets and extensive experience of our security cleared subject matter experts enable us to cover a wide range of security disciplines.
360 Degree Security
Our 360 degree security service looks at everything from your physical boundaries, through your processes and procedures to the technical security of your IT systems. We work with you to identify and understand the main threats to your business and develop appropriate strategies to counter them. We can:
- Evaluate a single location, a particular part of your business, or the entire organisation
- Analyse potential risks associated with new sites or business expansion
- Identify weaknesses in your current security systems or procedures
- Conduct IT Health Checks
- Carry Out Penetration Testing
- Deliver Business Continuity and Disaster Recovery Planning
- Provide a report listing a detailed set of recommendations
Business Continuity Planning
The Business Continuity Plan (BCP) is an essential part of any organisation’s response planning. It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards. The plan itself sets out the agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions.
Cyber Essentials focuses on five essential mitigations within the context of the ‘10 Steps to Cyber Security’. It provides organisations with guidance on implementation as well as offering independent certification for those who need it. The large majority of internet-based threats would have been mitigated by full implementation of the controls under the five essential mitigations:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Cyber Essentials Plus
Cyber Essentials Plus involves a technical audit of your network and computers. It will require a visit to your site and the Assessor will test a random sample of your systems to provide a higher level of assurance that you are complying with the Cyber Essentials Scheme.
Digital Forensics is the process of uncovering and interpreting electronic data for use in a court of law. The goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information for the purpose of reconstructing past events. It is a branch of forensic science encompassing the recovery and investigation of material found in digital devices.
Forensic Readiness Planning is the set of common-sense tasks and procedures that can be put in place before an incident occurs to ensure that an organisation is best placed to deal with the demands placed upon it when an incident involving computer data happens. This can be the result of a rogue employee who is copying customer databases, designs, trade secrets and other intellectual property, or it may possibly be an external attack from the likes of ‘Anonymous’, who have decided the organisation is deserving of their attention.
The GDPR Gap Analysis service provides a step-by-step assessment of your organisation’s current level of compliance with the Regulations, and helps identify and prioritise the key areas that your organisation must address, including:
- GDPR project resourcing
- Data protection governance
- Data protection officer
- Roles and responsibilities
- Personal data processes
- Scope of compliance
- Risk management
- Personal information management system
- Information security management system
For more information check out the GDPR Compliance page
Information Assurance Policies & Procedures
Information Assurance Policies ensure that your staff have clear guidelines to follow. They will also detail the responsibilities of those personnel who have a key role within Information Security. Your organisation will be in a position to demonstrate that reasonable steps have been taken to ensure that your legal obligations and duty of care requirements have been addressed.
ISO/IEC 27001 is an internationally recognised best practice framework for an information security management system (ISMS). It can help small, medium and large businesses in any sector keep information assets secure.
Arcanum’s experienced ISO 27001 Lead Auditors are ideally placed to support your business to achieve ISO 27001.
For more information check out the ISO 27001 page
IT Health Checks
An IT Health Check is a combination of manual and automated techniques to ensure the correct implementation of security functionality and to identify vulnerabilities in IT systems and networks which may compromise confidentiality, integrity or availability of information on the system or network.
IT Security Audits
A security audit is a systematic evaluation of the security of a company’s management information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system’s physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance.
Network and Information Systems Regulations (NIS Regulations)
On 10 May 2018 the EU Network and Information Systems (NIS) Directive became law in the UK as the Network and Information Systems Regulations 2018. They mandate that the ‘Operators of Essential Services (OES)’ who provide electricity, oil, gas, water, healthcare and transport take appropriate and proportionate security measures to manage risks to their network and information systems and notify serious incidents to the relevant Competent Authority.
UK Competent Authorities are taking a proactive approach by implementing an assessment framework including an audit programme to encourage their respective OES to prevent incidents happening.
As an NCSC Certified Cyber Security Consultancy (CCSC) for Risk Assessment and Risk Management, Arcanum are an approved source of help and advice.
For more information check out the NIS Regulations page
A Penetration Test (PenTest) is the managed and authorised process of attempting to gain technical access to your resources without the knowledge of usernames, passwords and other normal means of access by exploiting security weaknesses. Penetration tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture.
Physical Security Surveys
Our surveys are adapted for each of our customers to meet their individual requirements, whether for the whole organisation or a part of it. The aim is to determine if the physical and personnel security measures, policies and procedures are adequate to counter the risks that business assets are exposed to. Recommendations are made on how security measures can be improved.
Secure Architecture Design
We provide a range of secure architecture services for bespoke systems or integration with legacy networks. Our security architects will advise on the initial security requirements early in the project lifecycle, through to producing the security architectural design, and offer advice throughout the network build and installation.
Security Accreditation is the formal assessment of an information asset against the criteria set by the accrediting authority. Our security cleared subject matter experts have many years’ experience guiding customers through the security accreditation process. They have achieved accreditation for numerous networks, bespoke and unique projects. Over the years they have established a good working relationship with Pan Government and MoD Accreditors.
Security Incident Management
Computer security incident management involves the monitoring and detection of security events and the timely and correct execution of responses to those events. Our security subject matter experts are experienced in responding to and managing security incidents. They advise our clients of the corrective controls required, how to recognise and respond to events and incidents, how to minimise impacts and, if required to do so, how to gather forensic evidence.
Security Risk Assessments
Our security subject matter experts have carried out risk assessments for many of our clients in the public and private sectors. They are highly experienced in identifying and assessing the risks to critical assets, recommending the appropriate technical controls and procedural mitigation measures, and delivering advice for the long-term management of residual risk.
Security Requirements Capture and Definition
We have been working with our clients to develop user and system security requirements. Identifying and capturing the security requirements in the early phase of a project is essential to ensure successful integration within its lifecycle. Our security subject matter experts are experienced at writing and reviewing system security requirements for small and larger networks and novel and contentious IT assets.
For More Information
Get in touch today and discover how you can ensure the protection of your critical data and infrastructure.
You can contact us directly by calling or sending us an email.
t: 01558 669140