CYPRO CONSULTING

Cyber Security Project Management

Alleviate the time pressures from your teams and enable them to get back to their day jobs! Our expert cyber security project managers will be responsible to gaining traction for remedial work and driving risk down across your business.

Features

• Dedicated and certified cyber security project managers
• Facilitation of remedial work, driving progress forwards
• Risk reduction across the business through traction gained
• Timely escalation and tracking of issues
• Regular and clear status reporting for operational teams and executive
• Tangible measurement of value for executive decision making
• Establishment of cyber security 'heart beat'
• Customised project management approach depending on your change process
• Tailored risk mitigation strategies depending on your risk management framework
• Proactive management of project timelines and budgets

Benefits

• Relieved time pressures for internal teams
• Expert management driving tangible risk reduction
• Efficient issue resolution and progress tracking
• Executive-level visibility into work performed
• Enhanced cyber security posture with regular reporting
• Improved engagement and understanding across the business
• Customised approach aligns to your change and project management methodologies
• Tangible and measurable cyber risk reduction
• Proactive management ensuring project success
• Streamlined processes for efficient delivery

£525 to £1,400 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

665039709351321

Contact

Jonny Pelter
020 80 888 111
accounts@cypro.co.uk

Planning

• Planning service: Yes
• How the planning service works: 1. Project Initiation and Scope Definition: define project objectives, scope, and stakeholder requirements, establishing clear goals, timelines, and resource allocations.Ascertain any project methodology to be followed, i.e. PRINCE2.; 2. Risk Assessment and Planning: assess potential project risks and vulnerabilities, develop a risk management plan with mitigation strategies and contingency measures.; 3. Stakeholder Engagement and Communication: ensure transparent communication channels, providing regular updates to stakeholders to align expectations and facilitate decision-making.; 4. Implementation and Execution: execute project activities according to plan, focusing on implementing cybersecurity measures and controls, while monitoring progress and addressing deviations.; 5. Testing and Quality Assurance: thoroughly test implemented cybersecurity measures to verify effectiveness and compliance with project requirements and industry standards.; 6. Monitoring and Control: continuously monitor project progress, budget, and risks, implementing corrective actions to keep the project on track.; 7. Closure and Lessons Learned: deliver final outputs, document lessons learned, and conduct post-implementation reviews to identify areas for improvement.; 8. Continuous Improvement: incorporate lessons learned into future project management practices, regularly reviewing and updating methodologies to adapt to evolving cyber threats.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Cloud Security Best Practices Training: Cover encryption, access management, and secure configurations for the chosen cloud platform.; Threat Identification and Response Training: Educate on detecting and mitigating common cloud security threats like data breaches and DDoS attacks.; Compliance Training: Ensure awareness of industry-specific compliance requirements and methods to maintain adherence.; Incident Response Procedures Training: Teach reporting security incidents and coordinating with cloud service providers effectively.; Emerging Threat Awareness Training: Provide updates on evolving threats and trends in cloud computing security.; Interactive Workshops and Simulations: Engage participants in hands-on learning through workshops, simulations, and real-world scenarios.; Security Awareness Programs: Foster a culture of security awareness and responsibility across your organisation.; ; All this can be delivered via in-person training, eLearning, virtual instructor-led training (VILT), interactive training simulations, blended learning approach, gamified learning or access to peer learning communities.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Data Encryption: Utilize TLS for transit encryption and AES for data at rest to secure data during migration.; Identity and Access Management (IAM): Implement RBAC, MFA, and least privilege principles to secure user access.; Network Architecture: Strengthen security with firewalls, segmentation, VPNs, and intrusion detection/prevention systems.; Vulnerability Management: Conduct regular assessments and penetration testing to identify and remediate cloud security weaknesses.; Logging and Monitoring: Set up cloud-native monitoring tools and SIEM systems to track user activities and security incidents.; Data Loss Prevention (DLP): Enforce measures to protect sensitive information during migration, including data classification and encryption.; Compliance and Governance: Ensure adherence to regulatory requirements and industry standards using governance frameworks like the CSA Cloud Controls Matrix.; Disaster Recovery and Business Continuity: Develop and test DR/BC plans with cloud-native backup, failover, and recovery services.; Secure Development Practices: Implement secure coding and DevSecOps methodologies to build and deploy applications securely.; Security Awareness Training: Provide education on security best practices to mitigate human error and insider threats during migration.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: - Test Planning: Develop a comprehensive plan outlining objectives and methodologies for QA and performance testing.; - Functional Testing: Verify security service functionality, including IAM, encryption, and DLP, ensuring compliance with requirements.; - Penetration Testing: Simulate real-world attacks to identify and address vulnerabilities in the cloud environment.; - Vulnerability Assessment: Use automated tools and manual analysis to detect and prioritise security weaknesses.; - Load and Stress Testing: Assess performance and scalability under peak traffic conditions to ensure reliability.; - Resilience Testing: Validate failover mechanisms and disaster recovery plans for business continuity.; - Logging and Monitoring Testing: Confirm effectiveness in capturing security events and generating timely alerts.; - Compliance Testing: Ensure alignment with regulatory mandates such as GDPR and PCI DSS.; - Documentation and Reporting: Document findings and recommendations for stakeholders, facilitating informed decision-making.; - Continuous Improvement: Implement feedback-driven enhancements to adapt to evolving threats and technology trends.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Secure architecture review
  • Secure solution designs
  • Vulnerability scanning and discovery
  • Secure cloud migration
  • Identity and access management audits
  • 24/7 cyber security monitoring
  • Cyber security accreditation (ISO 27001, Cyber Essentials, SOC 2)
  • IT Disaster Recovery Planning
  • Cyber security project and program management
  • Cyber threat assessments
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: - Cloud Security Assessments: Evaluate the security posture of cloud environments to identify vulnerabilities and compliance gaps.; - Secure Cloud Architecture Design: Develop robust and scalable cloud architectures with built-in security controls and best practices.; - Identity and Access Management (IAM) Solutions: Implement IAM solutions to manage user access and permissions, ensuring least privilege principles.; - Data Encryption and Key Management: Secure sensitive data in transit and at rest through encryption and robust key management practices.; - Continuous Monitoring and Threat Detection: Monitor cloud environments continuously to detect and respond to security threats in real-time.; - Security Incident Response and Forensics: Develop and implement incident response plans and conduct forensic investigations to mitigate security incidents effectively.; - Vulnerability Management and Penetration Testing: Identify and remediate vulnerabilities through regular assessments and penetration testing exercises.; - Compliance Audits and Governance Frameworks: Ensure compliance with regulatory requirements and industry standards through audits and governance frameworks.; - Secure DevOps and CI/CD Pipeline Integration: Integrate security into the software development lifecycle to automate security checks and ensure code integrity.; - Security Awareness Training and Education: Educate employees on security best practices and emerging threats to promote a culture of security awareness and responsibility.

Service scope

• Service constraints: We can provide on-site resource but only to organisations within the UK.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the service level agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We provide different support levels depending on the needs of the client:; ; 1. Basic Support: Offers essential support services such as email or ticket-based assistance during standard business hours. Basic support may include help with basic troubleshooting, account setup, and general inquiries.; ; 2. Standard Support: Provides more comprehensive assistance with faster response times and extended support hours. Standard support often includes phone support, dedicated support representatives, and access to a self-service portal.; ; 3. Advanced Support: Offers advanced technical support services such as proactive monitoring, performance optimization, and regular health checks. ; ; 4. Advanced support may include on-site visits, dedicated account managers, and customised solutions tailored to the client's specific needs.; ; 5. 24/7/365 Support: Delivers round-the-clock support for critical security incidents and emergencies. This level of support ensures rapid response and resolution to security incidents regardless of the time of day.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Energy Efficiency Assessments: we can evaluate the energy usage of existing IT infrastructure and recommend strategies for optimizing energy consumption through cloud migration and resource consolidation.; Server Utilisation Optimisation: we analyse server workloads and resource utilisation patterns to optimise server usage and reduce energy consumption in cloud environments.; Renewable Energy Integration: Assist in integrating renewable energy sources such as solar, wind, and hydroelectric power into cloud data center operations to minimize reliance on fossil fuels.; Green Data Center Design Consulting: Provide guidance on designing environmentally sustainable data centers, including efficient cooling systems, modular architecture, and waste heat reuse.; Remote Work Enablement Solutions: Implement cloud-based collaboration tools and remote work solutions to reduce commuting and office energy consumption, supporting environmental sustainability efforts.; Lifecycle Management Services: Manage the entire lifecycle of IT hardware, from procurement to decommissioning, in an environmentally responsible manner, including recycling and disposal programs.; Workload Optimisation Solutions: Implement workload optimisation strategies using cloud services such as auto-scaling, load balancing, and serverless computing to streamline resource usage and improve energy efficiency.

  Equal opportunity

  Recruitment and Hiring Practices: We employ fair and unbiased recruitment processes that focus on qualifications, skills, and experience, ensuring that all candidates are evaluated based on merit alone. We actively seek candidates from diverse backgrounds and underrepresented groups to build a talented and diverse workforce.; Diversity and Inclusion Training: We provide ongoing training and education on diversity and inclusion topics to our employees. This training helps raise awareness of unconscious biases, promotes inclusive behaviors, and fosters a culture of respect and belonging.; Equal Pay: We adhere to principles of pay equity and provide equal pay for equal work, regardless of gender, race, ethnicity, age, sexual orientation, or other personal characteristics.; Career Development and Advancement: We offer career development opportunities and support for all employees to reach their full potential. This includes mentorship programs, training workshops, and leadership development initiatives aimed at advancing individuals from underrepresented groups into leadership roles.; Flexible Work Arrangements: We recognize the importance of work-life balance and offer flexible work arrangements, including remote work options, flexible hours, and part-time schedules, to accommodate diverse lifestyles and responsibilities.; Zero Tolerance for Discrimination and Harassment: We have strict policies in place to prevent discrimination, harassment, and retaliation in the workplace. We investigate all complaints promptly and take appropriate action to address any violations of our policies.; Community Engagement and Partnerships: We engage with external organisations and community partners to promote diversity and inclusion initiatives, support underrepresented groups, and contribute to positive social change.

  Wellbeing

  Health and Safety Measures: We implement robust health and safety protocols in the workplace, including ergonomic workstations and compliance with regulations.; Mental Health Support: We offer counseling services and mental health resources to help employees manage stress, anxiety, and other challenges.; Work-Life Balance: We promote work-life balance through flexible work arrangements, including remote work options and flexible hours.; Wellness Programs: We provide wellness activities and programs to promote physical health, such as fitness challenges and nutrition workshops.; Employee Assistance Programs: We offer confidential support services through employee assistance programs for personal and work-related issues.; Professional Development: We invest in the professional growth of our employees through training, workshops, and tuition reimbursement programs.; Recognition and Appreciation: We regularly recognise and appreciate the contributions of our employees to cultivate a positive work environment.; Social Connections: We encourage social connections and community engagement through team-building activities, social events, and volunteering opportunities.; Wellbeing Policies: We have policies in place to support employee wellbeing, including flexible work policies and anti-harassment policies.; Leadership Support: Our leadership team prioritizes employee wellbeing and serves as role models for healthy work habits and self-care practices.; Feedback Mechanisms: We provide avenues for employees to provide feedback and suggestions for improving workplace wellbeing, ensuring their voices are heard and valued.; Health and Wellness Resources: We offer access to resources such as health screenings and wellness workshops to empower employees to take proactive steps towards their wellbeing.; Community Involvement: We engage in community initiatives and partnerships focused on health, wellness, and social responsibility, providing opportunities for employees to make a positive impact beyond the workplace.

Pricing

• Price: £525 to £1,400 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.