Nobu Security Assessment

Security Assessments

Nobu provides advice and support to organisations to assess their cyber-security awareness. Assessments are conducted along the lines of the Government Security Policy Framework and are focused on people, process and technology. Assessments are based on interviews and on reviews of policies and procedures, the technology implemented, and operational management and delivery.

Service features

  • Experienced cyber security consultants
  • Risk assessments and remediation planning
  • Securing information at all sensitivity levels
  • Delivering customers' transformation programmes

Service benefits

  • Assurance about the security of your environment
  • Seamless service provision from assessment through solution design and implementation

Cyber Risk Assessment

Nobu can expose cyber vulnerabilities in your business that you may not have deemed a weakness or that have simply been overlooked. We will externally validate work that has been done to date on a cyber strategy, by both your internal resource and your external IT providers, to determine if it is fit for purpose.

Our personal audit reviews your formal and informal processes, policies and customs to cover your organisation for what it is, because that is where the true risks lie. Many cyber breaches are down to the lack of, or slackening of, processes, not adhering to information governance policies, or people simply using non-secure workarounds to circumvent legacy controls that may be in place.

Once the audit is completed, we provide you with a visual representation of your risk paths. We design a strategy and recommend practical solutions for managing and eradicating current risks, whilst offering insights into how to secure your business against the ongoing and ever-developing cyber threat.

ISO27001/2 Assessment

Nobu supports customers with achieving and maintaining ISO27001 compliance. We undertake risk assessments and identify the most suitable risk treatment process based on the appropriate risk profile, implementing a lifecycle approach towards ISO27001 compliance and certification. This includes awareness workshops, documentation delivery and implementing an appropriate and proportional management framework.

Service features

  • Awareness and assessment workshops
  • Communication and buy-in across users, management and stakeholders
  • Framework for structured approach to documentation and management
  • Delivery of policy and procedural documentation
  • Preparation in terms of people, process and technology for compliance

Service benefits

  • Embedding security within the culture of organisations
  • A structured approach to information security
  • Your clients will have confidence in your security posture

Cyber Threat Awareness

Raising the awareness of your staff to the ever-present real threat of cyber-crime is necessary and ever more essential to maintain company integrity. However, a potential threat should not stifle staff, as they need to remain productive yet empowered to make valued judgments on their own working practices. Nobu offers workshops and training to provide management and staff with new insights, skills and knowledge on the threats and consequences of a cyber breach. Cyber-crime is a business-wide issue and it therefore deserves a business-wide response.

Cyber threats will in one way or another adversely disrupt your business, potentially leading to legal action, censure and most probably significant fines by the ICO. The Nobu approach is based on the UK Government’s Cyber Essentials programme, which identifies 5 key domains to be reviewed and assessed, with the focus being on technology, processes and people.

Domains

  • Boundaries, firewalls & internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

Raising the awareness of cyber-crime

Cyber threats can hit your business without warning; they can be highly aggressive; they can be passive; and in many cases they will be persistent. With a large and diverse range of endpoints in today’s businesses, any device that is directly or indirectly connected to your network could be compromised by a cyber threat or attack.

Constant automated monitoring of these endpoints is required in order to automatically detect any attempted cyber-attack. Once detected, remediation action is taken to mitigate the threat through direct resolution or by placing the compromised endpoint into secure quarantine for offline analysis. The threat intelligence information gained from this attempted attack is subsequently submitted to your threat intelligence solution and then automated patching of identified susceptible endpoints is performed.

Nobu has the experience to provide insight as to how cyber threats propagate through endpoints and network infrastructures. Our expertise enables us to deploy threat detection solutions with practical insight and robustness. Working with your staff and key stakeholders we will design and embed a threat detection and remediation solution allowing you to continue your day-to-day business operations with a renewed degree of confidence.

Red Team

This terminology is traditionally used to identify highly skilled teams acting as rivals to find ways to breach security measures (the Red team), whilst the Blue team is deployed to expect an attack and, as such, to detect, oppose and weaken the Red team’s efforts. Nobu can provide the Red team capability to fully test the security of your platforms, systems and environment.

Cyber Security Review

Nobu evaluates your existing ICT enterprise from a security architecture perspective to ensure the business objectives can be met securely and in accordance with the array of security standards and legislation relevant to the sector your company operates within.

Ensuring your business adheres to security standards and legislation

  1. Reviewing the current ICT enterprise and its adherence to the security regulations, standards and procedures covered below.
  2. Providing ICT, Procedural and Physical Security with an understanding of the regulations, standards and procedures required to comply in a specific market sector. This will include but not be limited to: CESG Information Assurance Standards, Common Criteria, CESG Good Practice Guide, CESG Architectural Patterns, industry best practice, ISO27K, pertinent UK law and SOC 2 Trust Service Principles.
  3. Defining the business requirements of the ICT enterprise, identifying key business drivers for security and requirements for the short and long term.
  4. Producing a gap analysis and threat assessment of the ICT enterprise based on CESG Standards, utilising the CIA Triad.
  5. Recommending appropriate and proportionate security controls/countermeasures utilising People, Process and Technology. For example, improving authentication of remote users via a combination of user awareness training (people), robust password policies (process) and MFA (technology). Where technology controls are required, Common Criteria and CESG Architectural Patterns shall be applied.
  6. Providing recommendations in the form of a Security Technology Roadmap, giving the organisation an understanding of the urgent high-risk areas through to the quick wins and long-term goals.

Service features

  • Adherence to security regulations, standards and procedures
  • Understanding of the regulations, standards and procedures for compliance
  • Identification of key business drivers for security
  • Gap analysis and threat assessment based on CESG Standards
  • Appropriate and proportionate security controls and countermeasures
  • Security Technology Roadmap and programme planning

Service benefits

  • Ensures business objectives are maintained securely
  • Compliance with an array of security standards, legislation and regulation

Nobu Accreditation Support

Accreditation Support

Accreditation provides confidence that systems and applied processes and procedures meet the required security standards. This includes determining the security and integrity of the system or systems concerned, its protection, patching, access controls in place and security of the data.

Giving confidence to ensure the protection of data

Working in or for the Defence sector requires strict and proportionate controls to ensure the protection of UK defence interests both within the UK and overseas. Organisations handling UK government information indirectly through their contracts with the Ministry of Defence must ensure they apply the required proportionate protection.

This includes handling, processing and storing this information in compliance with UK Government Policies including, but not limited to, the Security Policy Framework.

Nobu is an independent company and we partner with organisations that are industry leaders in performing specialist services that are necessary in meeting accreditation standards.