The NCSC is getting ready to launch a new Cyber Advisor scheme that will help organisations which want to implement a minimum standard of cyber security, to identify the skills and advice they need.
Organisations starting out on their cyber security journey will soon be able to benefit from expert skills and advice offered by qualified individuals – Cyber Advisors – working within companies assured by the NCSC.
By assessing the customer and its internet-facing IT, Cyber Advisors will identify where the organisation meets (or doesn’t meet) the Cyber Essentials controls. The advisor then produces a detailed report explaining why the controls are met or not, highlighting any risks the organisation is exposed to, before providing recommended solutions that are right for the size and needs of the customer.
Those employing the service of Cyber Advisors don’t need to be aiming for Cyber Essentials certification; advisors will offer customers hands-on, practical experience to implement the controls to help guard against the most common cyber attacks.
Cyber Advisors will be expected to help organisations by:
- Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT identifying where it fails to meet the Cyber Essentials controls
- Developing reports on the status of the organisation’s Cyber Essentials controls for senior leadership, detailing the requirements that are met and those that are not, describing the why controls are not met and the risks the organisation is exposed to, as well as the recommended actions to take.
- Working with the business to agree remediation activities.
- Planning remediation activities that align to the risk and business priorities.
- Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities.
- Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.
How to become a Cyber Advisor
One of the key requirements of becoming an Assured Service Provider under the Cyber Advisor scheme is the employment of at least one individual who has passed the cyber advisor assessment. An NCSC Assured Service Provider will also be expected to meet requirements demonstrating good cyber security and a commitment to achieving an excellent and consistent customer experience through a quality management system. An annual subscription fee will also be levied.
For consumers keen to utilise the services of a Cyber Advisor, please contact IASME at [email protected] and we will keep you up-to-date with the development of the scheme.