We have partnered with IT Governance to help secure your practice from cyber attacks and to help you comply with the EU General Data Protection Regulation (GDPR), which will be enforced from 25 May 2018.

Tel: +44 (0)330 900 3900

Website: www.itgovernance.co.uk

email: partners@itgovernance.co.uk



Cyber Risk Assessment

Why carry out a cyber security risk assessment?

Risk assessment – the process of identifying, analysing and evaluating risk – is the only way to ensure that the cyber security controls you choose are appropriate to the risks your organisation faces.

Without a risk assessment to inform your cyber security choices, you could waste time, effort and resources – there is, after all, little point implementing measures to defend against events that are unlikely to occur or won’t have much material impact on your organisation.

It is also possible that you will underestimate or overlook risks that could cause significant damage to your organisation. As the UK government’s Cyber Security Breaches Survey 2017 noted, data breaches are “common even among businesses who do not consider cyber security to be a priority, or who may not think they are exposed to risk”.

What does a cyber security risk assessment include?

A cyber security risk assessment identifies the various information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property), and then identifies the various risks that could affect those assets.

A risk estimation and evaluation is usually performed, followed by the selection of controls to treat the identified risks. It is important to continually monitor and review the risk environment to detect any changes in the context of the organisation, and to maintain an overview of the complete risk management process.

Cyber health check

IT Governance’s fixed-price, three-phase cyber health check combines consultancy and audit, remote vulnerability assessments, and an online staff survey to assess your cyber risk exposure and identify a practical route to minimise your risks. Our approach will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.


Risk assessment software

The risk assessment software tool vsRisk™ has been proven to save huge amounts of time, effort and expense when tackling complex risk assessments. Fully compliant with ISO 27001, vsRisk streamlines the risk assessment process to deliver consistent and repeatable cyber security risk assessments every time.

The latest version of vsRisk adds three new features: custom risk acceptance criteria, a risk assessment wizard and control set synchronisation. You can also now export the asset database to populate an asset management system or asset register.


Cyber Essentials

The threat facing organisations

The UK Government’s Cyber Security Breaches Survey 2016 showed that two-thirds of large firms detected a cyber security breach or attack in 2016, with 25% of these experiencing a breach at least once a month.

The research showed that in some cases the cost of cyber breaches and attacks to businesses reached millions, with viruses, spyware and malware being the most common causes. The survey also found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer – about a third of all firms – had formal written cyber security policies and only 10% had an incident management plan in place.

How Cyber Essentials certification can help organisations protect data

Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of common cyber attacks. These five controls cover boundary firewalls and Internet gateways, secure configuration, access controls, patch management, and malware protection.

The two levels of certification

There are two levels of Cyber Essentials certification: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) around the adoption of the five controls, as well as an external vulnerability scan of the externally facing IP addresses. The external vulnerability scan provides independent verification of your cyber security status and is only offered as part of a CREST-accredited Cyber Essentials certification.


Cyber Essentials Plus

The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification plus a technical review of the organisation’s workstations and an on-site assessment. Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.


EU General Data Protection Regulation (GDPR)

Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the current Data Protection Act (DPA). The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.


UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into effect before the UK leaves the European Union, and the government has confirmed that the Regulation will apply, a position also confirmed by the Information Commissioner.

Penalties for non-compliance with the GDPR

The first half of 2017 saw the Information Commissioner’s Office (ICO) issue fines totalling £2.4 million across 34 different companies for breaches of data privacy, the highest being a £400,000 fine issued to TalkTalk Telecom Group PLC for security failings that allowed an attacker to access customer data “with ease”. These fines spanned 15 different industries and were issued for a range of data privacy breaches, including nuisance phone calls, spam texts, failures to secure sensitive data, wealth screening, sharing records and lost files.

The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency.

Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2017 Data Breach Investigations Report reaffirms, “it’s not just household brands that find themselves on the cyber spies’ hit list. Start-ups are targeted for their breakthrough technology. More established companies fall victim for their sales lists. And others are identified as a soft target useful as a stepping stone to their partners’ systems.” It is therefore vital that all organisations are aware of their new obligations so that they can prepare accordingly.

SWAT UK’s partnership with IT Governance can help your organisation comply with the GDPR

Together, our wide-ranging data protection expertise can help organisations prepare for the GDPR. We offer a comprehensive suite of information resources, solutions and consultancy services, including:

 

Training courses

Certified EU General Data Protection Regulation Foundation (GDPR) Training Course

Avoid heavy fines and loss of reputation resulting from data breaches. Learn from the experts how the GDPR will affect your organisation. Understand the implementation path to ensure GDPR compliance.

Delivery options: Classroom, Online, Distance

Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course

Learn from the experts how to meet the requirements of the GDPR. Gain practical understanding of the tools and methods for implementing and managing an effective compliance framework, and how to fulfil the role of data protection officer (DPO).

Delivery options: Classroom, Online, Distance

Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Course

Learn from the experts how to meet the requirements of the GDPR. Gain knowledge of the Regulation, a practical understanding of the methods and tools for implementing and managing an effective compliance framework, and how to fulfil the role of DPO.

Delivery options: Classroom, Online

Data Protection Impact Assessment (DPIA) Workshop

This one-day workshop is designed to provide delegates with the practical knowledge needed to perform a DPIA that will minimise privacy risks and comply with the DPA and the GDPR.

Delivery options: Classroom

E-learning Course

This simple-to-use interactive modular e-learning programme for employees introduces the GDPR and the key compliance obligations for organisations.

Delivery options: Classroom

Compliance tools

EU GDPR Compliance Gap Assessment Tool

Use this gap assessment tool to quickly identify your GDPR compliance gaps and then plan and prioritise your GDPR project.


EU General Data Protection Regulation (GDPR) Documentation Toolkit

Accelerate your GDPR compliance implementation project. The GDPR Documentation Toolkit delivers all the critical documents any organisation needs to ensure compliance with the Regulation, including project documents covering data protection policy, DPO requirements, privacy impact assessments, incident response and breach reporting.


Information and guidance

EU GDPR – A Pocket Guide

Gain a clear understanding of the GDPR with this essential pocket guide, which explains the terms and definitions used within the Regulation in simple terms, the key requirements, and how to comply with the Regulation.


EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide

This must-have guide details what you need to do to comply with the GDPR. It covers the GDPR in terms you can understand, how to set out the obligations of data controllers and processors, what to do with international data transfers, data subjects' rights and consent, and much more.


Consultancy

GDPR data flow audit – This is the essential first step in preparing for compliance with the GDPR.

Receive a thorough audit of the personally identifiable information (PII) held by your organisation, together with a data flow map that shows where your data resides. This will enable you to implement measures to reduce the risk of an information security breach and to meet GDPR requirements from the outset of your implementation project.

GDPR Gap Analysis – The GDPR gap analysis service provides an assessment of your organisation’s current level of compliance with the Regulation, and helps identify and prioritise the key work areas that your organisation must address ahead of May 2018.

For more information on any of our services, please contact us at partners@itgovernance.co.uk or call us on +44 (0)330 900 3900.

© Copyright 2013-. All rights reserved