Assess the risks of remote working and Cyber Essentials accreditation

This paper focuses on assessing the risks of remote working and of Cyber Essentials accreditation. It also provides additional information to use in writing the assignment paper. The assessment description follows:

1 Background

Stonebridge Consulting Ltd. (SC) works within an intensely competitive market wherein there are a significant number of IT consulting companies fighting for a relatively small share of the market. The company offers services in 3 main areas:

a. Cybersecurity, including cybersecurity assessments, programme development and maintenance, and education of company executives;

b. Security of Assets and People, including comprehensive security evaluations, integrated risk, vulnerability and threat assessments, and equipment and technical infrastructure evaluation; and

c. Business Intelligence, including strategic intelligence, enhanced due diligence and world-wide asset tracing.

SC reported a turnover of £3 million in the financial year 2019-2020.

There are 5 departments (Consulting, by far the largest, Sales, Marketing, HR and IT), each led by a director. These departments are located in two offices in the UK, one in Silverstone and another in Cheltenham. Consulting staff, along with Sales, are based in Cheltenham. The Silverstone office houses the human resources, finance/purchasing and marketing departments. SC outsources its IT to CyHelm, an IT firm based in West London.

You are the Chief Information Security Officer (CISO) of SC. You report directly to the CIO. You have also been assigned to appoint a new Data Protection Officer and are currently interviewing candidates.

The COVID-19 pandemic, and the requirement for most organisations to change their modus operandi to remote working, has led to a spike in high-profile cyber incidents, resulting in digital service outages which have attracted media attention. SC also has to comply with the UK requirement to gain Cyber Essentials Plus certification in order to participate in Department of Defence projects. These two issues have led SC’s board of directors to take a highly radical approach to security.

There is now an overwhelming need to assess the risk for these two issues: the risks of remote working, and the risks related to the activities that must be undertaken in order to achieve the Cyber Essentials Plus accreditation. The board has also suggested that the company should establish an information risk management strategy, commencing with a thorough risk assessment.

The members of the board have heard that capability maturity models provide holistic, enterprise-level risk assessments. The CIO has asked you to review existing capability maturity models and provide a report outlining the model you believe is most applicable to SC, while analysing how it should be applied within the company.
