CDCAT Cyber Maturity Assessment
Faced with evolving threats and escalating risks, understanding and managing your organisation’s cyber defences has become essential to protecting your business. (CDCAT®) is a comprehensive way for organisations to assess their existing cyber defences, identify vulnerabilities and see what improvements should be made.
Its underpinning methodology was developed by the Defence Science and Technology Laboratory (Dstl), for the Ministry of Defence (MOD). Dstl is a government organisation dedicated to ensuring that innovative science and technology contributes to the defence and security of the UK.
Who is CDCAT cyber assessment for?
Any organisation that wants to confirm the effectiveness of its current cyber security controls, or is unsure how to go about establishing its cyber defences.
Do you understand the risks?
According to the UK Government’s Department for Culture, Media and Sport (DCMS) Cyber Security Breaches Survey 2017
CDCAT® is a registered trade mark of Dstl. All rights reserved.
Cyber Security Standards
Many recognised best practices are built into the tool, for example:
The wide selection of standards in the tool allows you to select those most applicable to your organisation, tailoring the assessment to suit your needs.
Benefits of CDCAT
What benefits will CDCAT bring to my organisation?
CDCAT® assessments are conducted by a QA Cyber Consultants who are trained CDCAT assessors.
CDCAT Assessment Summary
To undergo a CDCAT assessment, the scope of the system to be assessed is defined. This could range from a whole organisation, to one main information system, down to a single laptop. The risk tolerance for the system is then agreed - how much business risk is acceptable for that system? This determines the controls and the level of maturity required to be effective against the current threats. If a control is not in place or is not being implemented effectively, this is viewed as a vulnerability and will adversely affect the capability of the organisation to withstand attack. Attackers will always target the weakest link in the security chain. The easily repeatable assessment can take as little as two hours depending on the scope, and produces a report immediately with full explanations. Frequent repetitions enable organisations to be responsive to cyber-criminals’ continuously evolving methods and check any enhancements made to their defences.
Typically, a CDCAT assessment engagement is over three days: