FAQs

ISO 27001 is not necessary a needed accreditation for all organisations. However, it has been seen to be a frequent obligation of many contracts as an applicable certification for organisations who handle any kind of confidential data such as personal information, financial data and intellectually property to ensure additional supply chain security and a level of trust for clients of all the businesses.

The duration of a penetration test can vary depending on several factors, such as the size and complexity of the system or network being tested, the scope of the engagement, and the number and skill level of the testers involved. Typical penetration tests can take anywhere from a few days to several weeks to complete. The duration is not always indicative of the quality or thoroughness of the test; what matters most is that experienced and skilled testers tailor the testing approach to your organisation's specific needs and requirements, ensuring comprehensive coverage and providing valuable insights and recommendations to improve your security posture.

Ethical hacking, or white-hat hacking, is the legal practice of using hacking techniques to identify vulnerabilities and improve security in computer systems, networks, or applications, with permission from the system owner. Ethical hackers follow a code of ethics, use various techniques such as network scanning and password cracking, and must have strong knowledge of computer systems and security protocols. They work as consultants or employees for organisations to help protect against potential attacks by staying updated on the latest threats and vulnerabilities.

Cyber Essentials is a government backed scheme that is designed to help protect your organisation against a range of common Cyber-attacks. Cyber Essentials is provided in two levels, Cyber Essentials Basic and Cyber Essentials Plus. Cyber Essentials Basic is audited through a self-assessment questionnaire with Cyber Essentials Plus being an independently conducted audit of your cyber security controls.

To get started with implementing cybersecurity for your business, conduct a risk assessment, develop a cybersecurity policy, implement technical safeguards, train employees on best practices, and establish an incident response plan. Consider consulting with cybersecurity professionals to ensure measures are tailored to your specific needs and comply with relevant regulations or industry standards. Regularly assess vulnerabilities and perform penetration testing to identify and address weaknesses in your defences.

CHECK was developed for government departments, public sector bodies and the organisations with an IT Health CHECK (ITHC) providing assurances that your internal and external systems are protected from unauthorised access or changes and that they are secured to prevent unauthorised access to HMG government data.

The Cyber Essentials Self-assessment questionnaire will be issued and should only take around an hour to complete if you have prepared answers in advance. Once submitted our qualified assessors will aim to review your answers as soon as possible. If your submission is unsuccessful, you will have two working days to rectify any problems, revise your responses, and submit again.

CHECK and CREST are UK-based organisations that offer certification and accreditation for cybersecurity professionals and companies, with a focus on high standards of quality and professionalism. CHECK is government-backed and primarily focuses on penetration testing, while CREST offers certification in several areas of cybersecurity and accredits companies and individuals that meet certain standards. Both organisations provide assurance to customers and stakeholders, helping build trust and confidence in their cybersecurity capabilities.

Implementing cybersecurity measures can seem like a significant commitment for your business, but obtaining buy-in and commitment from stakeholders is essential to ensuring long-term success. To achieve this, build a strong business case that highlights the benefits of implementing cybersecurity measures and the potential costs of not acting. Engage with key stakeholders early and often throughout the implementation process, providing training and education to help build understanding and promote buy-in. Emphasise the risks of non-compliance and celebrate successes and milestones to build momentum and commitment. Finally, communicate regularly and transparently, fostering a culture of cybersecurity throughout the organisation to ensure long-term engagement and success.

The frequency of penetration testing requirements can vary depending on several factors, including industry regulations, the size and complexity of the organisation, and the risk tolerance of the business. In general, it is recommended to conduct annual penetration tests as a minimum.

To bid for Government contracts that involve handling sensitive and personal information as well as the supplying of certain technical products and services, you will require Cyber Essentials Certification.

Cyber essentials guidance dictates that if you suspect an account has been compromised then password changes should be conducted to ensure that unauthorised access is remediated. When setting a new password, the NCSC recommend the use of three random words with the additional use of MFA. Using a password manager can help generate and store strong passwords for each account, making it easier to manage and maintain good security habits.

There could be various reasons for receiving cheaper quotations from competitors, such as differences in scope of work, quality, pricing models, overheads, profit margins, and experience levels, among others. While lower prices may seem attractive initially, they can lead to subpar service, increased risks, or higher long-term costs due to additional charges or fees. Therefore, it's crucial to evaluate quotes based on value rather than just price alone, considering factors such as the provider's reputation, experience, quality of service, and potential risks. Additionally, being aware of bait and switch tactics can help avoid unexpected charges or fees that could result in higher overall costs.

Cybersecurity is crucial for protecting sensitive data, ensuring business continuity, meeting regulatory compliance, enhancing customer trust, and staying competitive. Implementing robust cybersecurity defences helps safeguard confidential information from unauthorised access, theft, and misuse, minimising the risk of downtime due to incidents, and avoiding potential fines and legal penalties. Demonstrating a commitment to cybersecurity can build trust with customers and stakeholders, and staying up to date with emerging threats and best practices gives organisations a competitive advantage in their industry.

Implementing a cybersecurity framework can offer numerous benefits for organisations seeking to manage cyber risks and protect digital assets, providing a systematic approach that improves risk management, increases regulatory compliance, enhances credibility and trust, enables better incident response, and promotes continuous improvement. With various frameworks such as NIST CSF, ISO 27001, and CIS Critical Security Controls available, the choice depends on specific needs and requirements, as well as industry-specific regulations and standards. Overall, implementing a recognised cybersecurity framework is recommended to strengthen an organisation's cybersecurity posture and safeguard digital assets.

The National Cyber Security Centre (NCSC) in the UK offers a verification scheme to help organisations demonstrate their commitment to cybersecurity best practices. There are three levels of verification under the NCSC scheme: Cyber Essentials, Cyber Essentials Plus, and IASME. Achieving NCSC verification indicates that an organisation has met certain cybersecurity standards, including implementing technical measures, managing risks effectively, and providing adequate training and education for staff. By obtaining NCSC verification, organisations can build trust with customers and stakeholders, demonstrate their commitment to cybersecurity best practices, and ensure appropriate steps are taken to protect data and systems.

A Security Operations Centre (SOC) is a centralised team formed of cyber security professionals tasked with the responsibility of monitoring, triaging, investigating and then resolving security incidents as they appear throughout your network.

Salus are a Cyber Security Consultancy firm based in Cheltenham offering a wide range of services from Penetration testing, governance, and assurance as well as a newly formed Security Operations Centre!

ISO 27001 is a certification used to demonstrate that an organisation follows international standards and best practices for information security management and can provide additional confidence to customers and suppliers.