Cyber Breach Response Workshop On Demand
The Cyber Breach Response workshop is designed to equip organisations with the essential knowledge and skills to effectively respond to cyber security incidents. In an age where cyber threats are prevalent, being prepared for a breach is a necessity.
Features
- On-Demand training
- Breach emulation
- Playbook and RASCI Matrix
Benefits
- Comprehensive Learning across all levels
- Identify Key Responsibilities within the organisation
- Plan Development
- Improve Collaboration
Pricing
£8,000 to £10,550 a unit a year
Framework
G-Cloud 14
Service ID
605970676020861
Contact
IP Performance Limited
Paul Bright
Telephone: 01275393382
Email: pbright@ip-performance.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Access to simulation scenarios will be restricted based on license authorisation.
- System requirements
-
- Use of a modern browser for the best experience
- Internet speed of at least 4 Mbps
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Guaranteed response by next business day, Monday to Friday
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
- Uniform support structure, all customers share the same platform. This is provided as part of the subscription.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- The web app will guide you through the on-demand videos and there will be video training on how to use and get the most out of the emulator.
- Service documentation
- Yes
- Documentation formats
- Other
- Other documentation formats
- Video
- End-of-contract data extraction
- Users can request all the data stored on their user account.
- End-of-contract process
- When the contract ends and the license expires, the user will no longer be able to log in. Another annual license can be purchased to restore access.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The service interface is a web app through which the on-demand content and emulator can be accessed.
- Accessibility standards
- None or don’t know
- Description of accessibility
- As this service is delivered through a web app, users can use features on their browser.
- Accessibility testing
- None.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customers can request access to additional scenarios as well as purchase bespoke scenarios for their own organisation.
Scaling
- Independence of resources
- The service has been designed to scale with user utilisation using autoscaling.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can request all the data stored on their user account.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- The deployed EC2 instances in AWS have an SLA of 99.999% of uptime for hardware.
- Approach to resilience
- Given the nature of the training platform, in the event of an outage the platform can be restored with a code-first deployment within 15 minutes. The user database uses the base level of resilience of AWS Aurora RDS.
- Outage reporting
- Health monitoring is performed from our reverse proxies. If they detect an issue, they redirect to a holding page, which we have detections set up for.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access to management interfaces is controlled using role-based access control on each account.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Less than 1 month
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Certified Quality Systems (CQS) LTD
- ISO/IEC 27001 accreditation date
- 21/08/2021
- What the ISO/IEC 27001 doesn’t cover
- There is currently nothing that is not applicable in our Statement of Applicability. The scope of the certification is “The provision of internet/networking services, products and security as well as professional certified network management and technical support services to business.”
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- WorldPay Safer Payments
- PCI DSS accreditation date
- 31/12/2016
- What the PCI DSS doesn’t cover
- Nothing, we are fully compliant, although card payments are preferred via telephone rather than in-person.
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Our organisation is Cyber Essentials Plus certified.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Any changes that require architectural changes or impact production systems must go through the following: Clause 6.3: Planning of Changes - When the organization determines the need for changes to the QMS, the changes must be carried out in a planned manner.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Each vulnerability is sent through to our security team for review to identify impact and scope. Once a vulnerability has been assessed, actions are implemented depending on the level of severity identified. Critical/High: patch or mitigation in place within 14 days of the disclosure. Medium/Low: based on the CVSS rating and discovered impact, mitigations are put in place until a patch is made available by the vendor, which is then applied as part of the next update window. We follow vendor advisory feeds and monitor for vulnerabilities impacting any of our products/systems.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We capture network metadata of all traffic that traverses our network, and host- and server-based systems upload audit and event log data directly to our SIEM. When a SIEM detection is triggered and our SOAR platform has determined it is a true positive, an alert is created in our personnel alerting system, Opsgenie, that an incident has occurred. Internally, we have the capacity to respond to a security incident within 15 minutes of an alarm being raised.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- We map our incident management processes to the NIST incident response framework.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
- Fighting climate change
Since 2012, IP Performance Ltd has purchased four wind turbines, which are operated and maintained by the DistGen Group of companies. Three are reconditioned Vestas V39 and V52 500kW turbines, generating in the region of 700,000 kWh per annum, whilst the fourth was new and rated at 850kW, generating in excess of 1m kWh. They are located in Orkney, Cheshire, Somerset and Dorset. The turbines provide electricity for the immediate area, with the bulk being fed into the National Grid. A percentage of the funds generated is redirected to the local community in the form of a Direct Community Contribution, typically paid to the Parish Council for use at their discretion. Whilst ultimately being dependent upon wind speed, this should amount to a sum of £300,000 per site over the planned twenty-year operation of each turbine.
Pricing
- Price
- £8,000 to £10,550 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No