Hero Banner

Audits & Assessments

Cyber Management Alliance’s professional audits and assessments provide our clients with all the information and tools required to achieve maximum maturity in their cybersecurity posture.

Auditing Cybersecurity


The cyber crisis, the data breach that may damage your brand reputation and even cost you a massive financial loss in terms of fines and regulatory impositions is just around the corner.
When planning a journey you need to know the route, the distance and any obstacles that you might face in your journey. Being fully Cyber Resilient is the final destination for any organisation and our professional audits and assessments provide you with all the information required to achieve maximum maturity in cyber resilience.

Cyber Management Alliance Ltd conducts a range of specialist cybersecurity assessments and audits not available elsewhere. These evaluations focus on organisational Cyber Resilience, Incident Response, internal staff capabilities, organisational breach-readiness, and more.

Our team of experienced practitioners and have several years of experience in cyber resilience, designing and implementing SoCs, cyber crisis management, incident response and business continuity.

Why Use our Assessment & Audit Services

Cyber Management Alliance offers an array of specialist audits and assessments in cybersecurity and cyber resilience that help answer an array of questions that you, your clients, or your external auditors may have, including: 

  • Are you prepared for the ‘Golden Hour’ of the Cyber Crisis?
  • Is your organisation ready for a major and business-impacting cyber-attack?
  • Is your management capable of responding to a cyber crisis? 
  • Have your management and technical teams practiced and built muscle memory?
  • Is your technical staff able to accurately detect and rapidly respond to an advanced cyber-attacker? 
  • Does your PR & Communications team understand the nuances of a cyber-attack? 
  • Is the CEO and senior staff trained to handle and deal with modern, cyber-savvy journalists?
  • What’s your breach-readiness score for a specific asset and attack-scenario?
  • What’s the maturity of your Security Operations center and its staff?

Client Testimonials

We have assisted numerous organisations including FIFA, NHS, Capita, British Medical Journal, and many more with assessments and audits. Here's some feedback from just a few of them.

Mudassar Ulhaq

Mudassar Ulhaq - Chief Information Officer -Waverton Investment Management

"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."


Aaron Townsend - Service Delivery Manager - British Medical Journal

"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."

Neil Mallon

Neil Mallon - Strategic Technology Leader - Aster Housing

"The Cyber Crisis Tabletop Exercise and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now, and our next focussed steps. We will be engaging CM-Alliance on an annual basis."

1-Day NIST Cyber Health Check

The 1-Day NIST Cyber Health Check is a fixed, low-cost, focussed assessment to determine your organisation's cybersecurity health and readiness to respond to cyber-attacks.  

In this cybersecurity audit, we take a cursory look at the threats, vulnerabilities and risks your organisation faces and conduct a compact review of related materials including policies, processes and procedures.


  • Output: 1-2 page summary report highlighting your strengths and areas that need further investigation and improvement. The report also highlights opportunities for technology consolidation and areas for potential savings.
  • Constraints: Extremely time-limited engagement. Stakeholder availability.
  • Requirements: Access to key stakeholders.
  • Dependencies: Third Party, if applicable.
  • Number of days: Less than a day. Maximum of 4 hours for the assessment.

Breach Readiness Assessment (or Audit)

A focussed audit aimed at answering one critical question. ‘Is my team breach ready?’

This assessment scores the Breach Readiness capability of a specific group of people (or an existing team) and how they respond to a specific cyber-attack scenario against a distinct critical asset.

This audit is performed in conjunction with and during our Cyber Crisis Tabletop Exercise (CCTE) and it measures and scores various attributes of the exercise and the participants during the tabletop exercise.


  • Output: Formal report with a Breach Readiness score along with formal scoring of several other categories.
  • Constraints: Scenario and asset-based
  • Requirements: Tabletop exercise facilitated by Cyber Management Alliance
  • Dependencies: Cyber Crisis Tabletop Exercise (CCTE)
  • Number of days:  3+ days

SIEM Assessment

A focussed assessment during which we evaluate the maturity of your SIEM or Security Incident and Event Management system and review the operational aspects of the SoC team.  This assessment includes an overview of the monitoring technology stack. (see Technology Stack).


  • Output: A status and improvement report.
  • Context: IDS, IPS, EDR, Malware Detection, SIEM, Log Management, Incident Response playbooks.
  • Requirements: Access to staff, documentation and technology stack.
  • Dependencies: Third Party, if applicable.
  • Number of days: 4+ days

Cyber Incident Response Maturity Assessment: (Cyber Resilience Maturity Audit)

(Cyber Resilience Maturity Audit) 

This comprehensive, no-holds barred assessment, provides a 360-degree view of your organisation’s cyber incident response and crisis readiness. We don’t just interview stakeholders, we scrutinise each and every in-scope artefact and insist on supporting evidence for each item. 

In its entirety, this assessment includes our Breach Readiness Audit, SOC Assessment and additional micro-assessments including an assessment of the Technology Stack and the Visibility Coverage.

Put another way, this is a bespoke assessment where the client selects the aspects to be evaluated and appraised based on their organisational size and other requirements.


  • Output: Detailed and formal report that deep dives into all the areas highlighting your strengths and weaknesses. This report also provides detailed remediation guidance.
  • Context: Several. Depending on the complexity and choice of assessments.
  • Requirements: Access to staff, documentation and technology stack.
  • Dependencies: 3rd Party, if applicable.
  • Number of days: 8+ days



Cybersecurity Workshops

NCSC Certified Training B&W 300px

NCSC-Certified Cyber Incident Planning & Response

The NCSC-Certified Cyber Incident Planning & Response (CIPR) cybersecurity training course teaches you how to plan and reduce your time to detect and respond to a cyber-attack or data breach.

BOIRP-Course-Thumbnail (1)

Building & Optimising Incident Response Playbooks

The Building and Optimising Incident Response Playbooks training teaches you how to create actionable incident response playbooks to respond to a variety of simple and complex cyber-attacks and data breaches.

Prepare for a Cyber Tabletop Exercise

Cyber Crisis Tabletop Exercise (CCTE)

The Cyber Tabletop Exercise designed and run by CM-Alliance is a unique blend of verbal and visual simulation along with interactive discussions on an agreed cyber-attack scenario relevant to an organisation.

We're here to help

Why not book a discovery call to discuss your requirements?

Why not find out more about our audits and assessments, book a no-obligation discovery call with one of our consultants. 

We provide support on cybersecurity strategy, policies, incident response, gap assessments, SIEM assessments, GDPR, Cyber Crisis Tabletop Exercises, Breach Readiness Assessments, and more. Speak to us to find out how we can assist. 


Over 1000 Clients in 45 countries. 


Cyber Crisis Tabletop Exercises Delivered


Internal Cyber Incident Response Courses delivered


Certified Cyber Incident Response Graduates


Data Protection

Digital Documentation: Future, Trends & Innovations in eSignature API

As regulatory requirements become increasingly complex, ensuring the security and compliance of sensitive contracts is non-negotiable. eSignature APIs provide advanced features such as encryption,...
> Read More
cyber tabletop exercise scenarios

Why Does the Education Sector Need Cyber Crisis Tabletop Exercises?

If you so much as glance at our monthly compilation of cyber attacks, ransomware attacks and data breaches, you’ll note one overwhelming fact. There’s one industry that’s never missing from the list...
> Read More
Cyber Incident Planning & Response

Top 3 Ways in which the EU DORA Impacts Businesses in the UK

The European Union has taken a strong stand to improve operational resilience of its financial entities in a digital world. The EU Digital Operational Resilience Act that comes into effect in January...
> Read More

Book a Discovery Call

To find out more book a discovery call. 

More than 1000+ organisations are actively engaged with Cyber Management Alliance.