Certified Cyber Security Consultancy: Cyber Security Incident Management
This cyber security consultancy is aligned with the requirements of the CESG’s Certified Cyber Security Consultancy Scheme (CCSC).
The new scheme replaces the former CESG Listed Advisor Scheme (CLAS). This bespoke consultancy service enables organisations to comply with the UK Government’s stringent information security and assurance requirements.
What can you expect from this consultancy service?
Receive guidance on setting up a process, system or department for managing, responding to and investigating information security incidents at all levels, based on the best-practice incident response framework developed by CREST.
Under the guidance of a CESG Certified Professional, you will receive consultancy support and advice on:
- Defining and implementing processes and procedures for detecting and managing breaches of security policy and information security incidents, throughout the five key stages of identify, contain, cleanse, recovery, close;
- Defining and implementing processes for investigating breaches of security policy and information security incidents;
- Engaging with the organisation’s incident management process to ensure that breaches of security policy and information security incidents are handled appropriately;
- Establishing and maintaining a Computer Security Emergency Response Team (CERT) or similar to deal with breaches of security policy and information security incidents;
- Establishing a suitable control framework and controls set;
- Coordinating the response to information security incidents and providing a response to clients, third parties, service providers, etc.;
- Threat analysis and risk scenario identification;
- Business impact and criticality assessments;
- Audit log management (access and systems);
- Forensics – evidential standards, legal guidelines, admissibility of evidence, collection and preservation, and tools;
- Escalation and communication;
- Lessons learned, corrective action and trend analysis;
- Recovery and return to business as usual (BAU).
Why IT Governance?
With a strong background in ISO 27001 and cyber security, combined with extensive expertise in dealing with the private and public sectors, IT Governance is well placed to deliver the guidance and support required to meet the stringent requirements laid out by the UK Government for information security and assurance.
Contact us for more information, or to speak to a member of our team about how IT Governance can help your project.