Areas of Practice
Building a Cyber Resilient Organisation
Context
Security hygiene is traditionally addressed by annual training and spear phishing exercises, but this is proving to be ineffective.
CISOs are increasingly seeking interventions to improve the overarching cyber security culture/awareness of all users in support of the cyber security activities and BC/DR planning that are required to be in place for a cyber resilient organisation.
Our Approach
Delivery of an effective cultural shift, post assessments and analysis of the gaps in understanding, behaviours and training and leadership from across all business units. We identify the most effective interventions that will deliver the sustainable cultural change required across a business.
The New Perspective
We work with the senior leadership across the business, not just the CISO and CIO
Cyber Resilience is led by the Business Operations leadership as well as the IT Leadership team
Using risk metrics from the Departmental Leadership teams or Chief Operations Officer, the DPO Information /governance team and CISO function can help target awareness and training to those behaviours that are most prevalent to particular
Maritime Cyber Resilience
The Aristos Partnership approach to maritime cyber resilience is based on industry best practice and the BIMCO's Cyber Security Guidelines for shipping. BIMCO has issued an updated series of guidelines to address the increasing threat to information technology (IT) and operational technology (OT) onboard ships. Maritime Cyber Resilience is being shaped by:
The increased cyber threat to the maritime sector (Maersk, COSCO and others);
The increasing importance of publicly demonstrating compliance with best practice in cyber resilience for operational and strategic reasons ranging from satisfying customer procurement requirements through to underpinning enterprise value;
The IMO has given shipowners and managers until 2021 to include cyber security in the International Safety Management (ISM) code.
Data Protection
Elizabeth Denham the UK ICO Commissioner said that GDPR “brings a 21st century approach to the processing of personal data, providing much more protection for consumers, and more privacy considerations for organisations. If your business isn’t prepared, you’re leaving yourself open to enforcement action that can damage both your public reputation and bank balance.”
We help you to identify your Personal Identifiable Information data sets, map the process flows for these data sets, implement appropriate technical and organisational measures to protect these data sets. We give you the confidence that you are handling data in accordance with GDPR.
Learning and Organisational Development
“Approximately 653,000 businesses (48%) have a basic skills gap.” Ipsos MORI | Cyber security skills in the UK labour market 2020: findings report.
We have an adaptable approach to help organisations respond to their identifiable business risks and to build organisational resilience. Our Board level immersive Cyber Crisis Exercising (Gold/Silver/Bronze) is highly effective in giving organisations a clear review of the business risk posed by a real time cyber attack. We follow up all exercises supporting Boards to develop improved organisational resilience.
We support CISOS and IT leader to develop Cyber Awareness Engagement Strategies that can be implemented and operationalised by organisational learning teams and or specialist cyber security engagement teams.
We deliver bespoke GDPR training, Data Breach Exercises and Decoy Phishing email campaigns.
Threat Led Cyber Resilience
The Aristos Partnership will work with you to identify and implement your required cyber resilience posture.
We will work with you to help you understand how to maintain your cyber resilience in this increasingly digitised environment.
Our threat led approach identifies the most likely and highest impact cyber attacks that could affect your business.
We assess and clarify your threat landscape, deliver a fully scoped response capability to mitigate for the increasing range of cyber risks.
We will provide advice on the optimal mix of people, process and technological interventions.
We take pride of our jargon free reporting clearly to help you navigate the often foggy landscape of cyber resilience and its relationship to your business objectives .
Local Government
Cyber Resilience
The Aristos Partnership will work with you to identify and implement your required cyber resilience posture.
We will work with you to help you to better understand and be aware of the impact of a significant Cyber Attack on the delivery of local government services.
Foster and develop relationships and improved collaboration across your teams in a time of a Crisis, with groups that may not always work together and are unfamiliar with the operational context.
Test and develop the Council’s strategic (Gold/Silver/Bronze)’s leadership, decision making and complex response measures to a Cyber Crisis.
Become more familiar with the strategic communication and information sharing processes with key stakeholders that can be better leveraged and which may need to be developed further (Local Council, Key Customers of Local Council Services, Staff and Supply Chain, National Security, etc).
We take pride of our jargon free reporting clearly to help you navigate the often foggy landscape of cyber resilience and its relationship to your objectives .
Government Cyber Security Strategy 2022-2030
Government Cyber Security Strategy 2022-2030 - Central aim “for government’s critical functions to be significantly hardened to cyber attack by 2025, with all government organisations across the whole public sector being resilient to known vulnerabilities and attack methods no later than 2030.”
We help you to identify your critical functions, harden your critoical systems and implement appropriate technical and organisational measures to protect teh deliverry of critical Local Government services.
AUKUS
The AUKUS partnership has now begun. It has two related lines of effort.
Submarines. AUKUS will provide Australia with a conventionally armed, nuclear powered submarine capability at the earliest possible date, while upholding the highest non-proliferation standards.
Advanced capabilities. AUKUS will develop and provide joint advanced military capabilities to promote security and stability in the Indo-Pacific region.
With our experience in submarines and advanced capabilities, both as practitioners and capability developers, we are well-placed to support this initiative