Cyber Advisor is the National Cyber Security Centre’s new Industry Assurance scheme delivered in partnership with IASME. It provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.
Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance, and that achieved by implementing the Cyber Essentials technical controls. This service is tailored towards small and medium sized organisations and the Advisors have all been assessed not just on their technical knowledge, but also their ability to work specifically with small organisations.
With the specific needs of an individual business in mind, Cyber Advisors can provide hands-on support to help the organisation take recommended actions.
Cyber Advisors can help organisations by:
-
Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT and identifying where it fails to meet the Cyber Essentials controls
-
Developing reports on the status of the organisation’s Cyber Essentials controls detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take
-
Working with the business to agree remediation activities
-
Planning remediation activities that align to the risk and business priorities
-
Implementing remediation activities, or guiding technical teams in doing so, while remaining sympathetic to operational activities
-
Developing and presenting post-engagement reports, summarising the engagement and detailing any remediation work completed and pointing out any residual risk with recommendations for reducing those risks
Every Cyber Advisor must pass an independent assessment, called the ‘Certificate of Competence in Cyber Essentials Implementation’. The assessment tests an individual’s knowledge and understanding of the Technical Controls, their competence in doing practical, hands-on IT configuration and support, and their ability to understand and work with small organisations.
In addition, all Cyber Advisors work for companies that have met strict requirements and been accepted as an Assured Service Provider for the Cyber Advisor service.
You can find a growing list of registered Cyber Advisors that are located all around the UK on the IASME Website (find a cyber advisor). Contact them directly for advice.
There is no recommended fixed cost for assured Cyber Advisor firms to charge clients. Each job is likely to vary considerably according to the client’s existing security posture and size and complexity of their IT estate.
For more information, please contact IASME at [email protected]