-2@2x.png?width=408&height=98&name=Final%20Logo%20White%20(1)-2@2x.png)
Cyber Incident Response Maturity Assessment
This comprehensive, no-holds-barred assessment, provides a 360-degree view of your organisation’s cyber incident response and crisis readiness.
Our clients
.svg.png?width=1200&height=389&name=1200px-Capita_logo_(2019).svg.png){kind=logo}
.png?width=800&height=362&name=FIFA_series_logo.svg%20(1).png){kind=logo}
.png?width=590&height=205&name=BNP%20Paribas%20Logo%20(1).png)
Benefits
- Obtain a comprehensive, 360-view of your organisation’s cyber-resilience maturity measured against easy-to-understand NIST-based Incident Handling categories.
- Understand how your approach to incident response aligns with NIST's approach to incident response.
- Understand how your approach to incident response aligns with ISO 27001:2013’s Annex A.16.1, Incident Management Lifecycle.
- Gain a deep understanding of your detection, response and recovery capabilities across the breadth and depth of your organisation’s operations and strategy.
- Identify upgrade opportunities across a cross-section of your organisation’s pillars of people, processes and technology.
- Identify improvements in operational workflows in the Security Operations.
- Significant opportunity to improve the whole organisation’s cyber resilience posture.
Stakeholders
One of the main objectives of this exercise is to collate and understand what the expected outcome of the service is. To this end, we seek to speak to stakeholders including, but not limited to:
- Project sponsors.
- Executives including CISO, IT Director, IT Security
- Change/Service Management
- GRC team/risk team
- Head of Security Operations, Security Engineering, Forensics
- Third-party and supply chain involved in supporting the security service
- Security analysts operating the SIEM
- Threat management team, network security, AD team, Windows/Systems team
Approach
We adopt the same rigour, discipline and evidence-based approach to all our assessments. In Phase 1, we are in a ‘fact-finding’ mode and want to read and consume all the necessary information. Although we speak to staff in Phase 1, we tend to have more meaningful discussions in Phase 2, as we are more informed and hence more prepared with the right questions.
For the technology assessments, we prefer technology walkthroughs so we can get a feel of the setup, mode of use and configurations. We also get a feel of what a ‘day’ looks like for the operator of the technology.
We then complete the assignment with a management report.
Sample Assessment Schedule
Please note this is an approximation and the actual effort may vary depending on the client, the size of the SOC, the number of analysts and other factors.
Client Testimonials
We have assisted numerous organisations including FIFA, NHS, Capita, BNP Paribas, Formula One Racing, British Medical Journal, and many more with assessments and audits. Here's some feedback from just a few of them.
Mudassar Ulhaq - Chief Information Officer -Waverton Investment Management
"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."
Aaron Townsend - Service Delivery Manager - British Medical Journal
"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."
Neil Mallon - Strategic Technology Leader - Aster Housing
"The Cyber Crisis Tabletop Exercise and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now, and our next focussed steps. We will be engaging CM-Alliance on an annual basis."
James C - CEO, UK Hedge Fund
Amar and the team at Cyber Management Alliance have been a huge help in getting our firm positioned to deal with cyber security risk. Having opened our eyes to the variety and scale of challenges we face, and the potential financial consequences, they worked closely with us to improve our infrastructure, processes and understanding to embed cyber awareness into the firm. Their invaluable experience has guided us to the point where we should receive ISO27001 accreditation in the coming weeks – a key stamp of approval that lets clients know we take these risks very seriously.
