Strategy and planning
We help you develop strategy and plans to become cyber resilient
The public sector faces significant cyber threats from criminals, hacktivists, and advanced nation-state adversaries. To help address these threats the 2022 UK National Cyber Strategy set an objective for all government departments to adopt the NCSC’s Cyber Assessment Framework (CAF). However, often the public sector lacks the skills and capacity to implement these frameworks.
We work with public sector organisations to help them implement frameworks such as CAF. We educate and train to increase the capacity and ability of existing IT and security staff. We conduct risk assessments to help assess the current situation and then support organisations in developing strategy and a plan. We deliver cyber exercises to raise awareness and test incident response plans.
Find out more here.
We provide the training, tools, knowledge, and support to enable public sector organisations to become cyber resilient.
We help you develop strategy and plans to become cyber resilient
We work with you to understand which risks you need to prioritise and how to address them
We train and educate to make your people cyber secure
CAF is the NCSC's Cyber Assessment Framework. It is a collection of security outcomes an organisation could achieve. It was initially designed as a framework to assess the security maturity of UK Critical National Infrastructure. Its adoption was broaden under the 2022 National Cyber Strategy which set an objective for all UK government departments to lead by example and implement CAF.
Although originally focused on CNI, the framework is applicable to any organisation and offers a clear set of outcomes and easily understandable Indicators of Good Practice.
Public sector bodies rarely rely upon a single IT system. In many cases there will be dozens of systems that all deliver a critical service, and these systems often have complex inter-dependencies. Improving cyber security at an organisational level requires more than just applying security controls on a single system. It instead requires a security strategy for how existing and future technologies are made more secure.
Training existing staff can help in a number of ways. Firstly existing IT staff can be invested in to deliver better security in the systems they already manage. Secondly, improving cyber security requires the delivery of projects. It is often better for an experienced member of staff to manage projects as they understand the organisation better so by upskilling your project managers you can deliver more effective cyber security projects.
If your project managers need more support we can be on-hand to provide advice and guidance.