NCSC Certified Cyber Security Consultancy...For our clients, this means that whatever your...

Date post: 28-Jul-2020
Page 1: NCSC Certified Cyber Security Consultancy...For our clients, this means that whatever your requirement, by choosing a company certified by the Certified Cyber Security Consultancy

NCSC Certified Cyber Security Consultancy

HELPING YOUR BUSINESS TO THRIVE IN THE INFORMATION AGE™

INFORMATION IS KING PROTECT YOURS...

WHO ARE WE? Stratia Consulting is an independent cyber security consultancy with a successful track record providing Information Assurance services for Commerce, Government and Defence.

Stratia Consulting consists of a core management team of senior security consultants with collective cyber security experience of over 50 years, gained from public and defence sectors.

Around this is a team of passionate and highly qualified consultants and diverse subject matter experts who can efficiently provide the right resources to address the specific project in hand.

We are vendor agnostic and provide independent, pragmatic security advice that keeps the client’s organisational objectives in mind at all times to provide effective security solutions.

We are also an HMG Approved supplier for Cyber Security Services (on multiple frameworks) and an IASME Consortium Gold Certification partner for the IASME and Cyber Essentials Plus qualifications. Many of our principal consultants are certified ISO 27001 Lead Implementers and additionally many of our team are SC or DV cleared.

HOW WE CAN HELP. We are one of the founder National Cyber Security Centre (NCSC) Certified Cyber Security Consultancies and a Gold Certification Body for the Government Cyber Essentials scheme.

We offer:

• Cyber Risk Assessment and Management Services

• Security Architecture Advice

• Cyber Services for the Healthcare Sector

• Cyber Audit Services for the Utility Sector

• Bespoke Cyber Research

• Cyber Essentials Plus Certification for all organisations

STRATIACONSULTING.COM

Some of our previous consulting engagements include:

• The Cabinet Office

• The Foreign and Commonwealth Office

• The Ministry of Defence

• The Security and Intelligence Agencies

• Various UK government Departments and Agencies including DEFRA, the Identity and Passport Service and Environment Agency

• UK emergency services including the Metropolitan Police Service and the UK Maritime and Coastguard Agency

• EDF

• National Grid

• HS2

• Major UK PLCs

TRUST AS STANDARD ™

MAXIMISE THE BENEFITS OF CLOUD SERVICES

HOW WE CAN HELP. Stratia have a wealth of experience in advising clients on which cloud solution is suitable and which service will provide the best security solution. We can advise on the following areas:

• Stratia consultants are ISO27001 lead implementers and assessors for the Government’s Cyber Essentials Scheme.

• We have provided assurance for Her Majesty’s Government (HMG) concerning cloud solutions and advised on the deployment of HMG online services to the cloud.

• Thus we are able to use this experience to provide an all-round consultancy service to help determine the best solution for companies in the process of migrating their operational capabilities to the cloud.

The shift from server to service-based thinking is radically transforming the way technology departments think about providing their services. These advances have created new opportunities for managing costs, increasing flexibility and enabling greater mobility of the workforce. However, new risks arise from trusting a third party with your information.

CONTROL THE RISKS Not every cloud has a silver lining. Among the most significant security risks associated with cloud computing is the tendency to bypass IT departments and accepted processes for keeping data secure. In the absence of these standards, businesses are vulnerable to security breaches that can quickly erase any gains made by the switch to cloud applications.

T • 0800 644 0193 E • [email protected]

The Cloud Security Alliance (CSA) identified the following nine critical threats to cloud security:

1. Data Breaches

2. Data Loss

3. Account Hijacking

4. Insecure APIs

5. Denial of Service

6. Malicious Insiders

7. Abuse of Cloud Services

8. Insufficient Due Diligence

9. Shared Technology Issues

NATIONAL CYBER SECURITY CENTRE CERTIFIED CYBER SECURITY CONSULTANCY

NETWORK AND INFRASTRUCTURE SECURITY DIRECTIVE With the rise of cyber-crime and threats of terrorist disruption, the EU will require all member states to increase the cyber security protection levels of critical infrastructure and e-trading platforms. It is hoped that there will be an increased sharing of the risks and incidents that are being seen across EU member countries.

WHO IS AFFECTED? If you are in the critical sectors of financial services, health, water, energy or transport, you will be required to assess your risks and ensure you have the appropriate controls in place. E-commerce platforms are also considered part of the critical infrastructure.

HOW WE CAN HELP. Risk Assessment to establish the risk exposure to the organisation, and NIS Impact Assessment to establish actions required by the organisation in order to achieve compliance.

Combine the response to the new privacy requirements and the NIS directive in a cost-effective review of Cyber and Privacy.

GENERAL DATA PROTECTION REGULATION The new EU General Data Protection Regulation (GDPR) will give data subjects increased powers over their data and mandates further responsibility and accountability for organisations than did previous data protection legislation.

HOW WILL IT IMPACT YOU? The new rules will have a significant impact on organisations holding and processing personal data. Not only are the fines increasing to €20M or 4% of global revenue, whichever is the greater, but civil liability is being introduced, and it is not just the Data Controller that will be held responsible but also the Data Processor. A new role of Data Protection Officer has been created, and data breaches must be notified to the Information Commissioner’s Office within 72 hours. If an organisation outsources the processing of data to a cloud provider, then the cloud provider will need to be compliant and will be legally accountable for protecting the personal data entrusted to them.

HOW WILL YOUR ORGANISATION COMPLY WITH THE SPECIFIC REQUIREMENTS OF THE REGULATION, SUCH AS:

• Privacy by design

• Right to be forgotten

• Data breach notification

• Appropriate technical and organisational measures to reduce the risks

HOW WE CAN HELP. Personal Information Risk Assessment (PIRA) to establish the risk exposure to the organisation.

GDPR Impact Assessment to establish actions required by the organisation in order to achieve compliance.

BETTER PROTECTION FOR PERSONAL DATA

• Clear consent required to process data

• Right to move data from one service provider to another

• Easier access to personal data

• Stricter safeguards for transfers of personal data outside the EU

• Fines up to €20 million OR 4% of global annual turnover

• Limits on the use of automated processing of data to make decisions, for example in the case of ‘profiling’

• Right to rectify and remove data, including the ‘right to be forgotten’ for data collected as a child

• More and clearer information about processing

• Right to notification if data is compromised

© European Union. 2015

INFORMATION SECURITY SERVICES FOR THE HEALTHCARE SECTOR On October 31st 2016, the Government warned that the NHS was at risk of cyber attacks, saying that hacking is “no longer the stuff of spy thrillers and action movies” but a clear and present threat. Ben Gummer, minister for Cabinet, went on to say “large quantities of sensitive data” held by the NHS and the Government is being targeted by hackers.

Events in early 2017 have confirmed this with one of the UK’s biggest NHS Health trusts falling victim to a cyber attack in January.

Stratia Consulting can help protect your organisation.

It is vital for Healthcare organisations and their supporting organisations to prepare themselves against the very real and increasing threats.

HOW WE CAN HELP. In addition to our risk assessment and management services, we can advise on the following NHS-specific areas:

Advice and Assurance services around compliance and submission of the NHS Information Governance Toolkit (IGT).

Information security analysis and implementation guidance to help organisations conform to the Health and Social Care Network (HSCN) Consumer obligations around ownership and responsibility for the HSCN Connection Agreement. These include incident reporting, cyber and information security, network monitoring compliance, securing information, access controls and information governance.

INFORMATION SECURITY SERVICES FOR THE LEGAL SECTOR The Solicitors Regulatory Authority has highlighted security as one of its priority risk areas. Managing the risk posed by cybercrime is a regulatory requirement. Not only are legal firms being required to comply with professional and legal standards but new legislation from the EU promises a radical tightening in data protection standards.

In 2015 the Information Commissioner’s Office fined the CPS and the Serious Fraud Office £200,000 and £180,000 respectively for breaches, and it has stated that the legal sector was the fourth worst of all sectors.

There is also a rapidly growing number of scams targeted at businesses, especially legal firms, to defraud them or blackmail them through ‘ransomware’; these scams are becoming harder to spot and prevent.

HOW WE CAN HELP. Clients can benefit from Stratia providing a well-respected and experienced advisor from our team of experts who will provide pragmatic, focused and cost-effective security advice. We work extensively with HMG Information security standards and additionally many of our consultants are certified ISO 27001 Lead Implementers.

We have extensive experience enabling Executive level strategy for business supported by highly qualified technical security capabilities.

We can provide everything from risk management to developing a comprehensive security programme to ensure quality response and timely recovery from a data breach in healthcare institutions.

We can help you comply with the Information Commissioner’s specific advice for legal and health sectors, such as storing personal data securely, protecting emails and permanently destroying all the deleted information on equipment that is being recycled or disposed of. We can also help you with specific sector guidance on secure use of cloud or conducting Cyber Security Due Diligence.

Stratia Consulting is a Gold Certification Body for the Government Cyber Essentials scheme and one of the founding NCSC Certified Cyber Security Consultancies.

NCSC carry out a rigorous certification process involving scrutiny of our work for past customers as well as the suitability of the experience and qualifications of our staff.

For our clients, this means that whatever your requirement, by choosing a company certified by the Certified Cyber Security Consultancy scheme you can have confidence that we have:

• met NCSC’s standards and can be trusted to act in NCSC’s name

• a proven track record in delivering high quality consultancy services to customers

• demonstrated a defined process for working with customers to understand their needs and tailor advice accordingly

• demonstrated a clear understanding of current and potential cyber threats and techniques and potential effective mitigations

• demonstrated that we act with integrity, objectivity and proportionality, protect the client’s confidentiality and integrity, and comply with relevant laws and regulations

• seek to continuously improve the services offered to meet the evolving needs of the customer

For a free, no obligation discussion with one of our experts to scope out your requirements and discuss how Stratia could help in securing your organisation, please call

0800 644 0193 (Freephone)

or email us at [email protected]

Stratia Consulting Limited, 53 Chandos Place, Covent Garden, London, WC2N 4HS

T • 0800 644 0193 E • [email protected] W • www.stratiaconsulting.com

