A mature, cyber-resilient organisation can be defined as a business that can continue to operate, service its clients, deliver a public service, satisfy its shareholders and continue to make a profit, in spite of a cyber incident. An effective, responsive and resilient organisation is always alert and on the look-out for early signs of malicious activity and pounces on the slightest of suspicious events with the intention of nipping them in the bud.
This comprehensive, no-holds-barred assessment provides a 360-degree view of your organisation’s cyber incident response and crisis readiness. We don’t just interview stakeholders; we scrutinise each and every in-scope artifact and insist on supporting evidence for each item.
The Cyber Resilience Maturity Assessment is one of our most comprehensive, evidence-based assessments, and it comes with an executive summary and a detailed ‘improvements’ report. This audit also covers the organisation’s SOC operations if available.
During our comprehensive Cyber Incident Response Maturity Assessment, we:
Time & format: 5 - 10 days
One of the main objectives of this exercise is to collate and understand what the expected outcome of the service is. To this end, we seek to speak to stakeholders including, but not limited to:
We adopt the same rigour, discipline and evidence-based approach to all our assessments. In Phase 1, we are in a ‘fact-finding’ mode and want to read and consume all the necessary information. Although we speak to staff in Phase 1, we tend to have more meaningful discussions in Phase 2, as we are more informed and hence more prepared with the right questions.
For the SIEM and technology assessments, we prefer technology walkthroughs so we can get a feel of the setup, mode of use and configurations. We also get a feel of what a ‘day’ looks like for the operator of the technology.
We then finish the assignment with a management report.
Example Assessment Schedule
Obtain a comprehensive, 360-degree view of your organisation’s cyber-resilience maturity measured against easy-to-understand NIST-based categories.
Gain a deep understanding of your detection, response and recovery capabilities across the breadth and depth of your organisation’s operations and strategy.
We have assisted numerous organisations including FIFA, NHS, Capita, BNP Paribas, Formula One Racing, British Medical Journal, and many more with assessments and audits. Here's some feedback from just a few of them.
"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."
"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."
"The Cyber Crisis Tabletop Exercise and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now, and our next focussed steps. We will be engaging CM-Alliance on an annual basis."
Why not find out more about our audits and assessments? Book a no-obligation discovery call with one of our consultants.
Amar and the team at Cyber Management Alliance have been a huge help in getting our firm positioned to deal with cyber security risk. Having opened our eyes to the variety and scale of challenges we face, and the potential financial consequences, they worked closely with us to improve our infrastructure, processes and understanding to embed cyber awareness into the firm. Their invaluable experience has guided us to the point where we should receive ISO27001 accreditation in the coming weeks – a key stamp of approval that lets clients know we take these risks very seriously.