Technical GDPR Readiness Review

Includes:

  • Half-day on-site consultation visit by our Technical Certified Auditor
  • Overview of required policies within Cyber Essentials, GDPR, PCI DSS, and IASME Governance certification standards
  • Review of your technical Infrastructure through the eyes of a security consultant
  • Legally reviewed & approved Privacy Statement Policy
  • In-depth website scan analysis and report with technical build profile and vulnerability report

Interested?

Leave us your contact information and we'll get back to you shortly.

Get Certified

Cyber Essentials

Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks. Cyber Essentials certification on its own is an online self-completion questionnaire, which is certified by a GCHQ Assessor on behalf of the IASME Consortium.

Cyber Essentials Plus

An on-site Technical Assessment is required for all companies looking to achieve this level of certification once they have gained ‘Cyber Essentials’. Within the assessment, adherence to the previous standard is verified and confirmed. Technical examinations of workstations, servers, IoT and BYOD devices are fully checked and assessed for any vulnerabilities. On successful completion, the client is awarded the certification badge. The client is given 21 days to correct any failures.

GDPR Compliance

Micro Business Package (GDPR + Cyber Essentials)

A unique service to help your business be as ready as possible in this ever-changing world of regulation. Developed by CRIBB Cyber Security to increase your security and make you as compliant as you can be without blowing the budget.

GDPR (General Data Protection Regulation) is now law: regardless of size or turnover, every organisation must ensure it has thorough processes and tools to protect data and restrict access where appropriate. ‘Cyber Essentials’, an official Government certification, reassures customers that you take cyber security seriously and helps to guard against the most common cyber threats.

Your customers and suppliers will shortly require this certification as a minimum.


Who is it for?
Every organisation of 1 to 4 staff

Highlights
    • GDPR and ‘Cyber Essentials’ review plus fact find to understand the policies and procedures your organisation requires
    • Professional one-to-one remote consultancy guiding you through the readiness process
    • Expert website scan and report to identify any security weaknesses

What do you get?
    • Cost effective GDPR and ‘Cyber Essentials’ consultancy from a GOLD certified assessor
    • Policy and procedures review to check suitability to your business
    • ‘Cyber Essentials’ certification
    • Official listing on the National Cyber Security Centre database
    • Free National Cyber Security Centre ‘Small Business Cyber Security Guide’
    • Detailed remote advice guidance
    • Official company policies, procedures and technical requirement listings
    • Five basic policy templates to get you started
    • Expert and Government approved assessor who will be your senior consultant
    • Education to help protect your business, customers and staff
    • Many additional services available to increase your security at reduced costs

Only £1,499 (exc. VAT)

IASME Governance Certification

IASME Governance (with CE/GDPR) Certification

The IASME Governance Standard is risk-based and includes aspects such as physical security, staff awareness and data backup. The UK Government recently recognized it as the best cyber security standard for companies. The IASME Governance Standard includes both Cyber Essentials Standard and an assessment of the forthcoming General Data Protection Regulation (GDPR), intended to strengthen and unify data protection for all individuals within the European Union.


The IASME Governance Standard, Cyber Essentials and GDPR Readiness is an online self-completion questionnaire, which is certified by a GCHQ Assessor. A CRIBB Assessor will arrange to visit you on two separate days to assist with understanding, policy fulfilment (all required policies are provided as part of the service) and assessment completion. On successful completion of the IASME Governance (with Cyber Essentials and GDPR Readiness), your certification certificates and logos will be issued.

As an additional bonus, certification will entitle you to free Cyber Liability Insurance with a £25,000 indemnity limit (terms apply) through IASME.

PCI DSS Compliance

PCI DSS Review and Solution

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment, and store, process or transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider or system.

CRIBB will run an official PCI DSS vulnerability scan remotely on firewalls, payment gateways and relevant systems. A PCI DSS-approved report will be generated for your bank or merchant provider. CRIBB will carry out a PCI review to establish whether self-assessment is sufficient, along with help, guidance and assistance for you to complete the SAQ self-assessment questionnaire and ultimately obtain your PCI DSS certificate.

Who is it for?
Any organisation that takes credit card payments in any form (internet, phone, terminal or website) or stores credit card data.

Highlights

    • Expert on-site PCI Review – initial service to establish what you really need
    • Official PCI DSS scan of primary payment gateway with full report highlighting any weaknesses. This is a significant element of your GDPR compliance and Information Governance initiatives
    • Full Technical IT, policies and procedures review with report as required by the PCI Security Council
    • Guidance and assistance for you to complete the SAQ self-assessment questionnaire


What do you get?

    • You will be PCI DSS compliant for your acquiring bank(s)
    • Experienced and knowledgeable consultant to eliminate risks and errors
    • Annual contract for all scans and services at reduced cost
    • You can have an annual agreement for Official PCI scans and reports to reduce cost
    • Expert and fully Government approved assessor who will be your senior consultant
    • You will get experience, gain knowledge and receive education to protect your business, customers and staff

Consultancy & DPO

Risk Management Assistance

We can help you understand the likelihood and impact of diverse risks on your operations and monitor, manage and reduce the impact of those risks. You can recover from losses faster, take advantage of emerging business opportunities, and achieve business objectives.

GDPR Assistance

GDPR Consultancy


The General Data Protection Regulation (GDPR) comes into law in May 2018, when it will replace the Data Protection Act 1998. It adds increased responsibilities for all businesses that collect or process personal data. Do you comply?

Here at CRIBB Cyber Security, we take your data protection seriously. With the new changes to data protection law introduced by GDPR, we can provide your company with expert assistance in compliance. We can provide consultancy in person at your offices, where during a consultation our expert consultants take an in-depth look at your data protection processes and produce a comprehensive roadmap for your business to follow in your quest for GDPR compliance.

Available Services:

  • GDPR Consultancy Assistance and Understanding
  • GDPR Implementation Assistance Consultancy
  • GDPR Compliance review to ensure GDPR is still being followed

PCI DSS Assistance



Data Protection Officer Services

Detection

Vulnerability Scanning

Mid-level vulnerability scanning carried out at the client premises to detail cyber security flaws and vulnerabilities internally, externally and on your websites. All servers and networks are reviewed, with the results detailed in a management and technical report on completion. If faults are found, details of full corrective solutions are issued, which the client can address internally or, where required, have corrected by a trusted fixer. Vulnerability scanning offers five alternative types of verification, similar to Penetration Testing, although it is non-intrusive compared to Penetration Testing.

  • Internal
    Internal vulnerability scans consist of in-depth in-house scans of the infrastructure that relates to your company, and advise on any threats that need addressing with a Low, Medium or Critical threat status.
  • External
    External vulnerability scans consist of in-depth scans of web-facing devices that relate to your company, and advise on any threats that need addressing with a Low, Medium or Critical threat status.
  • Web Applications
    Web application vulnerability scans consist of in-depth scans of websites that relate to your company, and advise on any threats that need addressing with a Low, Medium or Critical threat status.
  • PCI DSS
    To comply with requirement 11.2 of the PCI DSS, merchants and service providers must conduct and pass a quarterly vulnerability test (meaning one scan every 90 days, or 4 scans per year). This service provides the PCI scan certification necessary to demonstrate quarterly compliance.
  • Personal Identifiable Information
    PII vulnerability scanning consists of an in-depth in-house scan of the infrastructure, searching for any customer Personally Identifiable Information that needs to be anonymised and/or placed under controls against unauthorised access. This is a requirement established by GDPR law as of May 2018.

Penetration Testing

A penetration test, colloquially known as a “pen test”, is an authorised simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data. The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain the goal. A penetration test target may be a white box (which provides background and system information) or a black box (which provides only basic or no information except the company name). A penetration test can help determine whether a system is vulnerable to attack, whether the defences were sufficient, and which defences (if any) the test defeated. Penetration Testing comes in many formats depending on your requirement: Internal, External, Website and Advanced Office Perimeter access.

Black Box Testing
In a black box test, the client does not provide CRIBB Cyber Security with information about their infrastructure other than a URL, or even just the company name. CRIBB Cyber Security is tasked with assessing the environment as if they were an external attacker with no information about the infrastructure or application logic that they are testing. Black box penetration tests provide a simulation of how an attacker without any information, such as an internet hacker, organised crime or a nation state, could present risk to the environment.

Grey Box Testing
A grey box test is a blend of black box testing techniques and white box testing techniques. In grey box testing, clients provide CRIBB Cyber Security with snippets of information to help with the testing procedures. This results in a more focused test than black box testing, as well as a reduced timeline for the testing engagement. Grey box penetration tests provide an ideal approach for assessing web applications that allow users to log in and access data that is specific to their user role or their account.

White Box Testing
In a white box test, CRIBB Cyber Security is provided with detailed information about the applications and infrastructure. It is common to provide access to architecture documents and to application source code. It is also usual for CRIBB Cyber Security to be given access to a range of different credentials within the environment. This strategy delivers stronger assurance of the application and infrastructure logic. It provides a simulation of how an attacker with inside information (an employee, etc.) could present risk to the environment.

Red Team Testing
A Red Team Assessment is similar to a penetration test in many ways but is more targeted. The goal of the Red Team Assessment is NOT to find as many vulnerabilities as possible; the goal is to test the organisation’s detection and response capabilities. The red team will try to get in and access sensitive information in any way possible, as quietly as possible. The Red Team Assessment emulates a malicious actor carrying out targeted attacks and looking to avoid detection. A Red Team Assessment does not look for multiple vulnerabilities but for those vulnerabilities that will achieve its goals. The goals are often the same as those of a Penetration Test. Methods used during a Red Team Assessment include Social Engineering (physical and electronic), Wireless, External, and more. A Red Team Assessment is NOT for everyone, though, and should be requested by organisations with mature security programmes and high-level security requirements.

Maintenance & Support

Maritime

Maritime Services

CRIBB is an industry-leader in the maritime sector and is proud to offer comprehensive cyber-security and data protection services for your shoreside and shipboard operations.