Essential IT Security

These services provided by CDD build upon any existing foundational IT security, (or indeed, new IT facilities) geared to the following groups:

Small Businessess or Subsidiaries

Smaller corporate entities with IT facilities that may be sub-par and require security systems enhancement that addresses a percieved change in threat profile.   

Private Individuals 
With Important IT

People with significant IT skills, but find themselves needing greater assurance that their security is commensurate with the threat.  

Troubled 
Organisations

Organisations finding themselves temporarily facing significant threat activity that requires more capability than their personnel can currently call upon.    

People Facing Significant IT Difficulty

People who may lack the necessary capability to take control of an IT related problem and require guidance to resolve matters or champion their cause.     

Entry-level Cybercapability Improvement

All entities that use the internet in any way, will be benefiting from IT security in some form.  It is some times necessary to take control of such security mechanisms, and user communities will be advised accordingly.  

The following temporary services are desirnged to help users and organisational entities to benefit from taking greater control of their IT security.     

Threat, Risk and Vulnerability 

The relationship between these three is often misundertstood, but it is crtiical to know where risk lies, and how this can be meaningfully expressed in terms of threat and vulnerability, otherwise money may be wasted or good businesses can be completely lost!  In the context of cyberattack:  

  • Risk is a mathematical probability and can be mitigated
  • Threat(s) are most frequently people and such entity's actions are resisted appropriately
  • Vulnerabilities are inherent weaknesses in systems and these are mollified.

CDD will meaningfully clarify for customers, where cyberrisk arises and how best to mitigate such risk most cost effectively.

Cyber Situational Awareness 

It is critical to know (with as much certainty as possible) what is transpiring within an IT arena. If you cannot see what is happening, then the IT is being driven blind and all may be lost if a cyber incident takes place. This involves: 

  • Identifying sources of operational intelligence
  • Gathering And Correlating All Such Sources
  • Interrogating And Discerning Issues Arising
  • Establishing Event Prioritisation

CDD can asssit in preparation of the above technical processes to ensure that organisations become aware of the natural performance of their IT arena and are able to exert the necessary management influence over that arena.     

Risk Reduction 

Risk is omnipresent and equally, can always be reduced, dependent upon risk apetite.  Accepting needless risk is frequently considered unwise. Assessing and managing IT risk usually involves the 4Ts for business processes or more properly: 

  • Toleration
  • Treatment
  • Transferral
  • Termination

There is a fifth option, (Transmutation) but only for those with the capabilities described in the section on Advanced Cybersecurity Services and even then, only by those with a full understanding of the Art of Cybersecurity.

CDD can advise and prepare assurance mechanisms underpinning risk management to make sure that attention is directed to appropriate areas of cyberrisk. 

Cyber Security Response

Following appropriate diagnosis and timeline of a cyber attack, it is critical to understand what options are available and what influence can be called into play including: 

  • Legal Advice And Even Police Involvement
  • Cyber Insurance Policy
  • Forensic Capability
  • Technical Recovery
  • Alternative Process Invocation
  • Other Temporary Restorative Operational Measures

CDD can prepare or advise on all such measures and approaches.

Cyber Security Incident Review

Following recovery from the adverse impact of a cyber incident it is critical to assess what can be improved to better equip the organisastion for the next event.  Such a review calls upon many areas of business continuity and recovery including:

  • Time Line Analysis
  • Decision Taking and Mistakes
  • Critical Information Requirements
  • Legal Implications
  • Cyber Insurance Claim (Progression)
  • Process Review
  • Skills-set Review

CDD can take control of, or prepare or advise on all such reviews, interdiction and/or intercession.

Cyber Security Performance 

Security enforcing functionality has increasing cost, and it is essential that addressing cyber risk can be justified.  Preparing appropriate cogent argument around such investment is critical.  To take such decisions, it is necessary to prepare meaningful cost/benefit metrics encompassing: 

  • Impact
  • Risk
  • Maintenance
  • Training
  • Service

CDD can prepare or advise on all such performance metrics to guide decision makers accordingly.  

All rights reserved. CyberDefenceDynamics 

© 2021