Our cyber security risk assessment helps you identify the cyber risks facing your business and make an action plan
The Cyber Defence Capability Assessment Tool (CDCAT®) helps you evaluate your organisation's ability to manage and maintain an effective strategy to combat cyber risk. Many organisations hold accreditations against a number of security standards and annual audits are resource heavy.
How to conduct a cyber security risk assessment with CDCAT Classic
A cyber security risk assessment is about understanding, managing, controlling and mitigating cyber risk. It is essential that all organisations understand their cyber risk and assess how vulnerable their systems are to threats like cyber attacks and data breaches.
CDCAT contains the most frequently occurring cyber security controls from recognised security standards such as ISO 27001, PCI-DSS, Cyber Essentials and NIST. See the full list.
It is easy to conduct a cyber security risk assessment with CDCAT Classic. A consultant will help you evaluate your organisations approach to cyber defence, through discussions with your IT and Security teams.
Fast and accurate mapping to cyber security standards
Maintaining records on spreadsheets is time consuming and you might underestimate or overlook new risks if you are not up to date with the latest regulatory and mandatory compliances for cyber security.
Developed by APMG using science licensed by the Ministry of Defence (MoD) and the Defence Science and Technology Laboratory (Dstl) CDCAT is frequently refreshed with the latest information, ensuring you are compliant with the most recent cyber security frameworks and standards.
Your Cyber Risk Assessment Report
You will receive report detailing the breakdown of your controls and how much they detect, protect and continually maintain your security. Each report is yours to keep and comes with a breakdown of the following areas:
- Summary: A high-level overview of your company, its weaknesses, and areas for improvement.
- High Level Action Plan: Effectiveness of your current controls according to target and areas of improvement.
- Performance Indicators: Bespoke KPIs tailored to your company to meet your desired goals and timeframes (especially relevant for your technical team).
- Additional Standard: A separate report assessment against an additional security standard.
- Assessment Data: Your data specifically mapped against the selected security controls (especially relevant for your technical team).
- An Action Plan: Providing an overview of your blockers and weaknesses based on the TEPIMOIL mnemonic: Training, Equipment, Personnel, Information, Management, Organisation, Infrastructure and Logistics.
Specialised cyber risk assessment software which saves you time
Pricing starts at £1250 and includes a three-part assessment against the CDCAT Classic Controls. This includes pre-consultancy, the CDCAT assessment and the follow up strategy call. Assessments typically take a day but can change depending on the scale, complexity and nature of your organisation.
Definitions:
- Pre-Consultancy - 1 on 1 Meeting with a CDCAT approved consultant.
- The CDCAT Assessment - Conducting interviews and gathering information with key security stakeholders, then performing the CDCAT Assessment.
- Follow up - Focussed discussion based on the results of the assessment.
Security Standards available in Cyber Defence Capability Assessment Tool (CDCAT)
- Australian Signals Directorate Essential 8 Mitigations Strategies
- Australian Signals Directorate Top 37 Mitigation Strategies
- Australian Signals Directorate Top 4 Mitigation Strategies
- BS ISO/IEC 20000-1
- BS ISO/IEC 27001
- CPNI 20 Critical Security Controls
- CPNI iDATA profiles on ‘Kill Chain’ mitigations
- CPNI Security for Industrial Control Systems (SICS) 2015: Overview + ERS + Vulnerability Assessment
- Defence Cyber Protection Partnership(DCPP) Cyber Security Model – all 4 levels
- HM Government, CIAMM (GPG 40)
- HM Government, Cyber Essentials Scheme
- HM Government, UK 10 Steps to Cyber Security
- HM Government, UK GovCert Top 10
- NATO NCIA CIS Security Capability Breakdown
- NIST Cyber Security Framework (CSF) version 1.1 (update to V1.0)
- NIST SP800-161 Supply Chain Controls
- NIST SP800-53 Security Controls
- NSA NCTOC Top 5 Security Operations Centre (SOC) Principles
- NSA's IAD Top Ten Cybersecurity Mitigation Strategies
- PAS 555
- PCI-DSS V3.2.1
CDCAT® is a registered trade mark of Dstl. All rights reserved.
