
Cordon Sanitaire Cyber Security Hygiene Assessment

Good cyber hygiene is an integral requirement in achieving European Union General Data Protection Regulation (GDPR) readiness. See our GDPR Readiness service.

Cyber Security risk evolves quickly and is difficult to predict both in terms of scope of influence and scale. Yet the damage from failing to take it seriously can be significant as most breaches today become public within a matter of hours. How prepared are you?

The assessment is a core component of the Cordon Sanitaire Cyber Security as a Service (CSaaS) offering. It is designed to give organisations clarity on, and a current picture of, the events that can seriously damage their assets or expose them to unacceptable risks to confidentiality, integrity and availability, and to provide independent, predictive, actionable intelligence. This helps your senior management and stakeholders determine the organisation's risk appetite, mitigate cyber risks, meet compliance obligations and industry best practices, and be resilient in the face of the legal liabilities that can arise from breach events.

The following provides an outline of the activities and deliverables that can be expected from a Cyber Security Hygiene Assessment engagement, conducted by experienced and qualified consultants and supported by structured online surveys, questionnaires and vulnerability tests. It incorporates the ten-step approach to cyber security assessment defined by the UK Communications-Electronics Security Group (CESG), now part of the UK National Cyber Security Centre (NCSC), the information security arm of UK Government Communications Headquarters (GCHQ).

The assessment is scalable for organisations of all sizes and is based on accepted standards and best practices for reducing risk in modern business and IT environments. It uses the "Defence-in-Depth" (DiD) concept, which refers to the implementation of layered security measures that include technical, organisational and operational controls, to help business and IT better understand potential security issues. It will help identify the personnel, processes, resources and technologies that promote good security planning and risk mitigation practices within your organisation.

This is still an emerging regulatory domain and Cordon Sanitaire reserves the right to adapt and change the assessment at short notice to reflect evolving practices.

The Scope

All information is kept strictly confidential and no personally identifiable information whatsoever will be sent. For more information on the Cordon Sanitaire privacy policy, please read our Privacy Statement.

We assess the clarity and currency of an organisation's understanding of the events that can seriously damage its assets. The assessment focuses on people, process and technology, involving board-level engagement and stakeholders from across the organisation. This includes:

  • Onsite interviews with stakeholders
  • Structured security assessment
  • Vulnerability scans (cost dependent on IP ranges & web applications/sites)
  • Personnel awareness questionnaires (statistical sample)
  • Risk Profile methodology and alignment to Business Objectives
  • High-level analysis of next steps

Based on best practice and control sets including:

  • ISO/IEC 27001:2013 and ISO/IEC 27001:2005
  • PCI DSS v3
  • NIST SP 800-53
  • Cloud Controls Matrix
  • ISO/IEC 27032
  • UK Cyber Essentials

The Deliverables

You will receive a report that provides a status appraisal and recommendations to reduce your cyber and compliance risk across the following key areas:

  • Cyber hygiene
  • Cyber governance framework
  • Vulnerability scans
  • People, process and technical controls
  • Continuity, recovery and resilience maturity

Actions are presented to mitigate risks in line with business objectives.

The Costs

For larger organisations, a separate quotation will be determined by:

  • Number of sites (travel and accommodation expenses at cost)
  • Number of IPs and web applications in scope for any vulnerability scans
  • Number of employees and languages for personnel assessments

For Small and Medium Enterprise organisations with up to 100 employees we provide a fixed price of £4,500 for a single site. This is confined to a three-day consultative engagement with a remote survey and a fixed scope of up to 5 IP addresses and a single website or web application for vulnerability assessment.