CYPRO CONSULTING

Cyber Strategy & Roadmap

Understand what direction your business needs to head in for cyber security, what should be prioritised and importantly, de-prioritised. Establish a baseline current state, a desired target state and a risk remediation roadmap that achieves both your risk management and commercial goals.

Features

  • Discover your current cyber security maturity and risk level
  • Agree target state with executive and benchmark against your sector
  • Cyber roadmap that is optimised for fastest risk reduction
  • Execution Plan that achieves maximum risk reduction in shortest time
  • Stakeholder engagement plan identifies key people and their responsibilities
  • Resourcing plan that allocates resources efficiently to maximise business impact
  • Decision making framework that enables risk-informed planning
  • Regulatory compliance requirements integrated into plans
  • Track ROI and build stakeholder confidence with performance metrics
  • Maturity re-assessments measure strategic risk remediation progress

Benefits

  • Current cyber maturity is uncovered, enabling informed decision-making
  • Target state aligned with industry benchmarks, ensuring resilience
  • Clarity on current risk posture and desired future state
  • Maximum risk reduction achieved by prioritisation and resource optimisation
  • ROI and risk mitigation tracked, informing future decision making
  • Resource allocation optimised for impactful outcomes
  • Risk-informed decisions enabled for effective past planning
  • Compliance integrated into plans, mitigating regulatory risks
  • ROI tracked and trust built through measurable performance
  • Stakeholders engaged and apprised through clear and concise reporting

Pricing

£525 to £1,400 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

775078707106704

Contact

CYPRO CONSULTING
Jonny Pelter
Telephone: 020 80 888 111
Email: accounts@cypro.co.uk

Planning

Planning service
Yes
How the planning service works
1. Business Analysis: this phase involves conducting a thorough assessment of your cloud security requirements. We analyse existing infrastructure, data flows, and business processes to identify vulnerabilities and align security strategies with business objectives. The goal is to gain insights into your risk profile, regulatory obligations, and critical assets, enabling informed decision-making.
2. Solution Design: tailored security solutions are developed based on the findings of the business analysis. Solutions are designed to mitigate identified risks and vulnerabilities. We define technical controls, encryption methods, access management policies, and other security mechanisms to protect your cloud environments. The design phase focuses on scalability, flexibility, and interoperability to ensure that the security solution can adapt to evolving business needs.
3. Security Architecture: a robust security architecture framework is developed to provide a comprehensive approach to securing cloud environments. This includes defining security policies, standards, and guidelines to govern the implementation and operation of security controls. The architecture encompasses network security, data security, application security, and identity management, incorporating industry best practices such as zero trust principles and defense-in-depth strategies. Regular security architecture reviews and assessments are conducted to validate the effectiveness of controls and identify areas for improvement, ensuring continuous alignment with evolving cyber threats.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
Cloud Security Best Practices Training: Cover encryption, access management, and secure configurations for the chosen cloud platform.
Threat Identification and Response Training: Educate on detecting and mitigating common cloud security threats like data breaches and DDoS attacks.
Compliance Training: Ensure awareness of industry-specific compliance requirements and methods to maintain adherence.
Incident Response Procedures Training: Teach reporting security incidents and coordinating with cloud service providers effectively.
Emerging Threat Awareness Training: Provide updates on evolving threats and trends in cloud computing security.
Interactive Workshops and Simulations: Engage participants in hands-on learning through workshops, simulations, and real-world scenarios.
Security Awareness Programs: Foster a culture of security awareness and responsibility across your organisation.

All of this can be delivered via in-person training, eLearning, virtual instructor-led training (VILT), interactive training simulations, a blended learning approach, gamified learning or access to peer learning communities.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
Data Encryption: Utilize TLS for transit encryption and AES for data at rest to secure data during migration.
Identity and Access Management (IAM): Implement RBAC, MFA, and least privilege principles to secure user access.
Network Architecture: Strengthen security with firewalls, segmentation, VPNs, and intrusion detection/prevention systems.
Vulnerability Management: Conduct regular assessments and penetration testing to identify and remediate cloud security weaknesses.
Logging and Monitoring: Set up cloud-native monitoring tools and SIEM systems to track user activities and security incidents.
Data Loss Prevention (DLP): Enforce measures to protect sensitive information during migration, including data classification and encryption.
Compliance and Governance: Ensure adherence to regulatory requirements and industry standards using governance frameworks like the CSA Cloud Controls Matrix.
Disaster Recovery and Business Continuity: Develop and test DR/BC plans with cloud-native backup, failover, and recovery services.
Secure Development Practices: Implement secure coding and DevSecOps methodologies to build and deploy applications securely.
Security Awareness Training: Provide education on security best practices to mitigate human error and insider threats during migration.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
- Test Planning: Develop a comprehensive plan outlining objectives and methodologies for QA and performance testing.
- Functional Testing: Verify security service functionality, including IAM, encryption, and DLP, ensuring compliance with requirements.
- Penetration Testing: Simulate real-world attacks to identify and address vulnerabilities in the cloud environment.
- Vulnerability Assessment: Use automated tools and manual analysis to detect and prioritise security weaknesses.
- Load and Stress Testing: Assess performance and scalability under peak traffic conditions to ensure reliability.
- Resilience Testing: Validate failover mechanisms and disaster recovery plans for business continuity.
- Logging and Monitoring Testing: Confirm effectiveness in capturing security events and generating timely alerts.
- Compliance Testing: Ensure alignment with regulatory mandates such as GDPR and PCI DSS.
- Documentation and Reporting: Document findings and recommendations for stakeholders, facilitating informed decision-making.
- Continuous Improvement: Implement feedback-driven enhancements to adapt to evolving threats and technology trends.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Secure architecture review
  • Secure solution designs
  • Vulnerability scanning and discovery
  • Secure cloud migration
  • Identity and access management audits
  • 24/7 cyber security monitoring
  • Cyber security accreditation (ISO 27001, Cyber Essentials, SOC 2)
  • IT Disaster Recovery Planning
  • Cyber security project and program management
  • Cyber threat assessments
Certified security testers
Yes
Security testing certifications
  • GBEST
  • CHECK
  • CREST

Ongoing support

Ongoing support service
Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
How the support service works
- Cloud Security Assessments: Evaluate the security posture of cloud environments to identify vulnerabilities and compliance gaps.
- Secure Cloud Architecture Design: Develop robust and scalable cloud architectures with built-in security controls and best practices.
- Identity and Access Management (IAM) Solutions: Implement IAM solutions to manage user access and permissions, ensuring least privilege principles.
- Data Encryption and Key Management: Secure sensitive data in transit and at rest through encryption and robust key management practices.
- Continuous Monitoring and Threat Detection: Monitor cloud environments continuously to detect and respond to security threats in real-time.
- Security Incident Response and Forensics: Develop and implement incident response plans and conduct forensic investigations to mitigate security incidents effectively.
- Vulnerability Management and Penetration Testing: Identify and remediate vulnerabilities through regular assessments and penetration testing exercises.
- Compliance Audits and Governance Frameworks: Ensure compliance with regulatory requirements and industry standards through audits and governance frameworks.
- Secure DevOps and CI/CD Pipeline Integration: Integrate security into the software development lifecycle to automate security checks and ensure code integrity.
- Security Awareness Training and Education: Educate employees on security best practices and emerging threats to promote a culture of security awareness and responsibility.

Service scope

Service constraints
We can provide on-site resource but only to organisations within the UK.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depends on the service level agreement.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
We provide different support levels depending on the needs of the client:

1. Basic Support: Offers essential support services such as email or ticket-based assistance during standard business hours. Basic support may include help with basic troubleshooting, account setup, and general inquiries.

2. Standard Support: Provides more comprehensive assistance with faster response times and extended support hours. Standard support often includes phone support, dedicated support representatives, and access to a self-service portal.

3. Advanced Support: Offers advanced technical support services such as proactive monitoring, performance optimization, and regular health checks. Advanced support may include on-site visits, dedicated account managers, and customised solutions tailored to the client's specific needs.

4. 24/7/365 Support: Delivers round-the-clock support for critical security incidents and emergencies. This level of support ensures rapid response and resolution to security incidents regardless of the time of day.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

Energy Efficiency Assessments: We can evaluate the energy usage of existing IT infrastructure and recommend strategies for optimizing energy consumption through cloud migration and resource consolidation.
Server Utilisation Optimisation: We analyse server workloads and resource utilisation patterns to optimise server usage and reduce energy consumption in cloud environments.
Renewable Energy Integration: Assist in integrating renewable energy sources such as solar, wind, and hydroelectric power into cloud data center operations to minimize reliance on fossil fuels.
Green Data Center Design Consulting: Provide guidance on designing environmentally sustainable data centers, including efficient cooling systems, modular architecture, and waste heat reuse.
Remote Work Enablement Solutions: Implement cloud-based collaboration tools and remote work solutions to reduce commuting and office energy consumption, supporting environmental sustainability efforts.
Lifecycle Management Services: Manage the entire lifecycle of IT hardware, from procurement to decommissioning, in an environmentally responsible manner, including recycling and disposal programs.
Workload Optimisation Solutions: Implement workload optimisation strategies using cloud services such as auto-scaling, load balancing, and serverless computing to streamline resource usage and improve energy efficiency.

Equal opportunity

Recruitment and Hiring Practices: We employ fair and unbiased recruitment processes that focus on qualifications, skills, and experience, ensuring that all candidates are evaluated based on merit alone. We actively seek candidates from diverse backgrounds and underrepresented groups to build a talented and diverse workforce.
Diversity and Inclusion Training: We provide ongoing training and education on diversity and inclusion topics to our employees. This training helps raise awareness of unconscious biases, promotes inclusive behaviors, and fosters a culture of respect and belonging.
Equal Pay: We adhere to principles of pay equity and provide equal pay for equal work, regardless of gender, race, ethnicity, age, sexual orientation, or other personal characteristics.
Career Development and Advancement: We offer career development opportunities and support for all employees to reach their full potential. This includes mentorship programs, training workshops, and leadership development initiatives aimed at advancing individuals from underrepresented groups into leadership roles.
Flexible Work Arrangements: We recognize the importance of work-life balance and offer flexible work arrangements, including remote work options, flexible hours, and part-time schedules, to accommodate diverse lifestyles and responsibilities.
Zero Tolerance for Discrimination and Harassment: We have strict policies in place to prevent discrimination, harassment, and retaliation in the workplace. We investigate all complaints promptly and take appropriate action to address any violations of our policies.
Community Engagement and Partnerships: We engage with external organisations and community partners to promote diversity and inclusion initiatives, support underrepresented groups, and contribute to positive social change.

Wellbeing

Health and Safety Measures: We implement robust health and safety protocols in the workplace, including ergonomic workstations and compliance with regulations.
Mental Health Support: We offer counseling services and mental health resources to help employees manage stress, anxiety, and other challenges.
Work-Life Balance: We promote work-life balance through flexible work arrangements, including remote work options and flexible hours.
Wellness Programs: We provide wellness activities and programs to promote physical health, such as fitness challenges and nutrition workshops.
Employee Assistance Programs: We offer confidential support services through employee assistance programs for personal and work-related issues.
Professional Development: We invest in the professional growth of our employees through training, workshops, and tuition reimbursement programs.
Recognition and Appreciation: We regularly recognise and appreciate the contributions of our employees to cultivate a positive work environment.
Social Connections: We encourage social connections and community engagement through team-building activities, social events, and volunteering opportunities.
Wellbeing Policies: We have policies in place to support employee wellbeing, including flexible work policies and anti-harassment policies.
Leadership Support: Our leadership team prioritizes employee wellbeing and serves as role models for healthy work habits and self-care practices.
Feedback Mechanisms: We provide avenues for employees to provide feedback and suggestions for improving workplace wellbeing, ensuring their voices are heard and valued.
Health and Wellness Resources: We offer access to resources such as health screenings and wellness workshops to empower employees to take proactive steps towards their wellbeing.
Community Involvement: We engage in community initiatives and partnerships focused on health, wellness, and social responsibility, providing opportunities for employees to make a positive impact beyond the workplace.

Pricing

Price
£525 to £1,400 a unit a day
Discount for educational organisations
Yes
