Forensic Control

Frequently asked Questions

Frequently asked Questions

 We’re here to help with any questions you have about plans, pricing and supported features.

You can jump to specific products questions below.

Cyber Essentials

Cyber Essentials

What is Cyber Essentials?

Cyber Essentials is a UK government-backed scheme that helps organisations protect themselves from common online threats. It has five technical controls that cover the basics of cyber security. It demonstrates an organisation’s trustworthiness and reputation and is a requirement for some public sector contracts. It should be renewed annually.

There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. To apply for certification, you can use an official Certification Body, of which Forensic Control is one.

How does the Cyber Essentials certification process work?

The Cyber Essentials certification process involves a straightforward assessment of your organisation’s adherence to key security controls. You will need to complete a self-assessment questionnaire to evaluate your implementation of controls in areas such as firewalls, secure configuration, user access control, malware protection, and patch management. The process is designed to be accessible and achievable for organisations of all sizes.

Optionally, you can undergo an external assessment for the Cyber Essentials Plus certification, which involves additional testing and verification.

What are the benefits to us of obtaining a Cyber Essentials certification?

Obtaining a Cyber Essentials certification offers numerous benefits for your organisation. Firstly, it significantly strengthens your cyber security defences by implementing essential controls that protect against common cyber threats. This certification also demonstrates your commitment to cyber security to clients, partners, and stakeholders, boosting their confidence in your ability to protect their data and information.

Cyber Essentials certification can provide a competitive edge in tender processes and open up new business opportunities, especially when dealing with government contracts or organisations that prioritise cyber security. Additionally, some cyber insurance providers may offer reduced premiums for organisations with Cyber Essentials certification.

Is Cyber Essentials mandatory for all businesses?

Currently, Cyber Essentials certification is not mandatory for all organisations. However, it is increasingly becoming a requirement for certain public sector contracts and supply chain partnerships. Even if not mandatory, obtaining Cyber Essentials certification is highly recommended, especially if you handle sensitive data, work with government organisations, or operate in regulated industries. It demonstrates your commitment to cyber security best practices and helps you meet customer expectations regarding data protection and security.

Ultimately, Cyber Essentials certification enhances your organisation’s overall resilience against cyber threats and strengthens your reputation in the marketplace.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

While Cyber Essentials focuses on self-assessment and self-declaration of adherence to cyber security controls, Cyber Essentials Plus involves a more rigorous external assessment. In addition to the self-assessment questionnaire, Cyber Essentials Plus requires an independent cyber security professional to conduct remote testing and verification of your organisation’s implemented controls.

This external assessment provides a higher level of assurance to stakeholders and customers, demonstrating that your cyber security measures are not only implemented but also effectively tested and validated.

 

Why should I consider obtaining Cyber Essentials Plus certification?

Cyber Essentials Plus certification offers several key advantages for your organisation. Firstly, it provides an even stronger level of assurance and validation of your cyber security controls compared to the standard Cyber Essentials certification. This can enhance customer trust and confidence, especially when dealing with sensitive data or engaging in partnerships where cyber security is a critical concern.

Cyber Essentials Plus certification also demonstrates your commitment to proactive cyber security practices, enabling you to differentiate yourself from competitors and potentially gain a competitive advantage in the marketplace.

How does the Cyber Essentials Plus certification process work?

The assessment for Cyber Essentials Plus involves an independent cyber security professional conducting thorough remote testing and verification of the controls you implemented at Cyber Essentials. This will include vulnerability scanning of a sample of your devices as well as testing their controls against malware. The tests also check that two factor authentication is in place for access to cloud services, and that users are not logged in as administrator.

The assessor evaluates your organisation’s adherence to the Cyber Essentials Plus controls and provides a report outlining any identified vulnerabilities or areas for improvement. This rigorous assessment process offers valuable insights into your cyber security posture and helps you address potential weaknesses.

How long does Cyber Essentials Plus certification last?

Cyber Essentials Plus certification is valid for one year from the date of certification. After this period, you will need to undergo a reassessment to maintain your certification. Regular reassessments are crucial as they allow your organisation to demonstrate ongoing compliance with the Cyber Essentials Plus controls and ensure that your cyber security measures stay up to date in the face of evolving threats.

The reassessment process provides an opportunity to review and enhance your cyber security practices, ensuring that your organisation maintains a strong and resilient security posture.

Vulnerability Scanning

What is vulnerability scanning and why is it important for our organisation?

Vulnerability scanning is a proactive cyber security practice that involves the automated identification and assessment of potential vulnerabilities in your organisation’s IT systems, networks, and applications. It helps to identify security weaknesses and misconfigurations that could be exploited by attackers.

Vulnerability scanning is important for your organisation as it allows you to detect and remediate vulnerabilities before they are exploited, reducing the risk of security breaches, data breaches, and unauthorised access. It is a crucial step in maintaining a robust security posture and protecting your sensitive data and systems.

How does vulnerability scanning work?

Vulnerability scanning works by using specialised software tools to scan your organisation’s IT infrastructure for known vulnerabilities. These tools compare the configuration and software versions of your systems against a database of known vulnerabilities and security weaknesses. The scanning process typically involves an automated scan of your laptops, desktops, servers, routers and firewalls.

The scanning tools generate reports that highlight identified vulnerabilities, including information about their severity and potential impact on your organisation’s security. These reports help your IT team prioritise and address the vulnerabilities effectively.

Is vulnerability scanning a one-off activity, or should it be performed regularly?

Vulnerability scanning should be performed regularly to ensure ongoing security of your systems. Cyber threats and vulnerabilities are constantly evolving, so conducting regular scans is essential to stay ahead of potential risks. Ideally, vulnerability scans should be scheduled on a periodic basis, such as monthly or quarterly, depending on the size and complexity of your organisation’s IT environment.

Regular scans help you identify newly discovered vulnerabilities and address them promptly, reducing the window of opportunity for attackers. Additionally, performing vulnerability scans after significant changes to your IT infrastructure, such as system upgrades or network expansions, is highly recommended.

What should we do after a vulnerability scan identifies vulnerabilities?

After a vulnerability scan identifies vulnerabilities, the next step is to prioritise and remediate them based on their severity and potential impact. Your IT team should analyse the vulnerability reports – the reports should include how to remediate the identified issues –  and develop an action plan to address the vulnerabilities. This may involve applying software patches, updating configurations, or implementing additional security controls.

It is crucial to follow a systematic and timely approach to address vulnerabilities, starting with high-severity vulnerabilities that pose the greatest risk to your organisation’s security. Regularly conducting vulnerability scans and promptly remediating identified vulnerabilities will help maintain a strong security posture and reduce the likelihood of successful cyberattacks.

Penetration Testing

What is penetration testing, and why is it important for our organisation?

Penetration testing, also known as ethical hacking, is a proactive cyber security practice that simulates real-world cyberattacks to identify vulnerabilities and assess the security of your organisation’s systems, networks, and applications. It involves authorised security experts attempting to exploit vulnerabilities in a controlled environment. Penetration testing is important for your organisation as it helps uncover security weaknesses that may be missed by automated scanning tools or configuration reviews.

By identifying and addressing these vulnerabilities before malicious actors exploit them, penetration testing strengthens your overall security posture and helps protect sensitive data, systems, and customer trust

How does penetration testing work?

Penetration testing typically follows a systematic and structured approach. It involves a security expert, known as a penetration tester, using various techniques and tools to probe your organisation’s systems for vulnerabilities. The tester attempts to gain unauthorised access, escalate privileges, and exploit weaknesses, mimicking the tactics of real-world attackers.

The testing may cover areas such as network infrastructure, web applications, wireless networks, and social engineering. The penetration tester then provides a detailed report that outlines the vulnerabilities discovered, their potential impact, and actionable recommendations to mitigate them effectively.

Is penetration testing a one-time activity, or should it be performed regularly?

Penetration testing should be performed regularly to ensure ongoing security and to adapt to the evolving threat landscape. Cyber threats, vulnerabilities, and attack techniques are constantly changing, so regular testing helps identify new vulnerabilities that may arise from system updates, software patches, or configuration changes.

It is recommended to conduct penetration tests annually as a baseline, or more frequently if your organisation deals with sensitive data, operates in a high-risk industry, or undergoes significant changes to the IT infrastructure. Regular testing helps ensure that your security measures remain effective and helps maintain a proactive security stance.

What should we expect after a penetration test is performed?

After a penetration test is performed, you can expect to receive a detailed report from the penetration testing team. This report will include a summary of the testing methodology, the vulnerabilities discovered, the techniques used to exploit them, and the potential impact on your organisation’s security.

The report will also provide actionable recommendations to address the identified vulnerabilities and mitigate the risks effectively. It is crucial to review the findings with your IT team and prioritise the remediation efforts based on the severity and potential impact of the vulnerabilities. Regularly conducting penetration tests and promptly addressing the identified vulnerabilities will help fortify your defences and protect against real-world cyber threats.

Digital Forensics

What is Computer Forensics, and why is it important for our organisation?

Digital (also known as Computer) Forensics is the process of collecting, preserving, analysing, and presenting digital evidence in a legally admissible manner. It involves investigating and recovering data from digital devices such as computers, servers, mobile devices, and network logs to uncover evidence of cyber crimes, data breaches, or unauthorised activities. Digital Forensics is important for your organisation as it helps you understand the scope and impact of a security incident, enables identification of the responsible parties, and provides evidence for legal proceedings if necessary. It plays a crucial role in incident response, threat investigations, and ensuring accountability.

How does the Digital Forensics process work?

The Computer Forensics process typically involves several key steps. First, the forensic experts analyse the specific requirements of your case and determine the most appropriate methodology and tools to use. They then collect and preserve digital evidence, ensuring its integrity and maintaining a documented chain of custody. Next, they conduct a detailed analysis of the evidence, employing various techniques to recover and examine relevant data. This may involve examining file systems, network logs, memory dumps, or even conducting advanced data recovery techniques. Finally, the findings are documented in a comprehensive report, which includes an explanation of the findings, analysis, and any recommendations or actions to be taken.

We have an excellent IT team. Can they do the forensic investigation?

It’s not recommended that your inhouse IT department carries out any forensic analysis for two reasons. While they may be highly technically competent, it is unlikely that they understand the consequences of their actions. Even turning on a computer to “have a look” can destroy previously existing information that might have been crucial to what you are looking to prove.

Secondly, if the analysis is carried out by your IT team, not only will the completeness and accuracy of their findings be open to doubt, their integrity will be subject to question as they are not independent of the organisation – you can’t be the police and the judge!

When should our organisation consider engaging Digital Forensics services?

Engaging Digital Forensics services is recommended in various scenarios, including:

a. Incident Response: When your organisation experiences a security incident, such as a data breach, unauthorised access, or a cyberattack, Digital Forensics services can help investigate the incident, identify the root cause, and collect evidence for remediation and legal purposes.

b. Litigation Support: If your organisation is involved in a legal dispute where digital evidence is relevant, Digital Forensics services can assist in collecting, analysing, and presenting the necessary evidence to support your case.

c. Employee Misconduct: When there are suspicions or allegations of employee misconduct, such as unauthorised data access or intellectual property theft, Digital Forensics services can help gather evidence, determine the extent of the misconduct, and assist in disciplinary or legal actions.

d. Compliance Requirements: In regulated industries or organisations subject to compliance standards, Digital Forensics services can help ensure adherence to regulatory requirements by conducting periodic audits, investigations, or due diligence.

Security Posture Review

What is a Security Posture Review, and why is it important for our organisation?

A Security Posture Review is a comprehensive assessment of your organisation’s overall security posture, including policies, procedures, controls, and technologies. It helps evaluate the effectiveness and adequacy of your existing security measures and identifies areas for improvement. The review assesses your organisation’s ability to detect, prevent, and respond to security incidents, as well as its compliance with relevant regulations and industry best practices. A Security Posture Review is important for your organisation as it provides a holistic view of your security strengths and weaknesses, allowing you to make informed decisions to enhance your security defences, mitigate risks, and protect your valuable assets.

How does a Security Posture Review work?

A Security Posture Review typically involves a team of experienced security professionals who conduct an in-depth assessment of your organisation’s security controls, policies, procedures, and technologies. They may review documentation, conduct interviews, perform technical assessments, and analyse security-related data. The review covers various areas, such as network security, access controls, incident response capabilities, data protection measures, and employee awareness programs. The security professionals will provide you with a detailed report that outlines their findings, identifies vulnerabilities, and offers actionable recommendations to strengthen your security posture.

When should our organisation consider a Security Posture Review?

Consider a Security Posture Review in several scenarios, including:

a. After a Security Incident: If your organisation has experienced a security breach, data loss, or a significant security incident, a Security Posture Review can help identify the root causes, assess the impact, and provide guidance on remediation and prevention strategies.

b. Regulatory Compliance: If your organisation operates in a regulated industry or is subject to compliance standards, a Security Posture Review helps ensure that your security measures align with regulatory requirements and industry best practices.

c. Mergers and Acquisitions: When engaging in mergers, acquisitions, or partnerships, a Security Posture Review can help assess the security readiness of the entities involved, identify potential risks, and ensure a smooth integration of security controls.

d. Proactive Security Evaluation: Regularly conducting a Security Posture Review, even in the absence of specific incidents or compliance requirements, helps proactively assess your security posture, identify emerging threats, and stay ahead of potential risks.

What are the benefits of a Security Posture Review for our organisation?

A Security Posture Review offers several benefits to your organisation. Firstly, it provides a comprehensive understanding of your current security state, highlighting strengths and weaknesses across various areas. This knowledge enables you to prioritise investments, allocate resources, and implement targeted security improvements. A Security Posture Review helps you identify and mitigate vulnerabilities, reducing the risk of security incidents, data breaches, and financial losses. Additionally, the review helps ensure regulatory compliance, enhances customer trust and confidence, and demonstrates your commitment to safeguarding sensitive information. By proactively assessing and improving your security posture, you enhance your overall resilience and protect your organisation’s reputation and valuable assets.

Cyber Security Consultancy

What is cyber security consultancy, and why is it important for our organisation?

Cyber security consultancy involves engaging experienced professionals to provide expert advice, guidance, and support in developing and implementing effective cyber security strategies. Consultants assess your organisation’s current security posture, identify vulnerabilities, and recommend appropriate measures to mitigate risks. Cyber security consultancy is important for your organisation because it helps you navigate the complex and ever-changing cyber security landscape. It ensures that you have access to specialised expertise and industry best practices, enabling you to strengthen your defences, protect sensitive data, and effectively respond to emerging threats.

How does cyber security consultancy work?

Cyber security consultancy typically starts with an assessment of your organisation’s current security posture, policies, and procedures. The consultant will evaluate your infrastructure, applications, data protection practices, employee awareness, and incident response capabilities. Based on this assessment, the consultant will provide tailored recommendations to enhance your cyber security posture. This may include developing or updating security policies, implementing security controls, conducting employee training, performing risk assessments, and establishing incident response plans. The consultant will work closely with your organisation to ensure the successful implementation of the recommended measures and provide ongoing support and guidance.

When should our organisation consider engaging cyber security consultancy services?

Consider engaging cyber security consultancy services in various scenarios, including:

a. Security Risk Assessment: If you want an independent and thorough evaluation of your organisation’s security risks and vulnerabilities, cyber security consultancy services can help identify gaps and provide recommendations to mitigate those risks.

b. Compliance Requirements: If your organisation operates in a regulated industry or must comply with specific data protection standards, cyber security consultancy services can assist in ensuring compliance and avoiding potential penalties or legal issues.

c. Incident Response and Recovery: After experiencing a security incident or data breach, engaging cyber security consultancy services can help assess the impact, investigate the root causes, and develop strategies to prevent future incidents.

d. Security Strategy Development: If your organisation is in the process of developing or updating its cyber security strategy, cyber security consultancy services can provide expert guidance, helping you align your security initiatives with your business objectives effectively.

What are the benefits of cyber security consultancy for our organisation?

Engaging cyber security consultancy services offers several benefits for your organisation. Firstly, it provides access to specialised knowledge and expertise in the rapidly evolving field of cyber security. This enables you to make informed decisions and implement effective security measures tailored to your organisation’s specific needs. Cyber security consultancy helps identify and mitigate vulnerabilities, reducing the risk of security breaches, data loss, and reputational damage. It also enhances your organisation’s ability to meet regulatory requirements and industry standards. Additionally, cyber security consultancy services help build a culture of security awareness among your employees, promoting a proactive approach to cyber security throughout the organisation. Overall, cyber security consultancy empowers your organisation to strengthen its security posture, protect sensitive information, and maintain a resilient and secure environment.