Cyber Consultancy

Provided by QA

About the course

CDCAT Cyber Maturity Assessment

Faced with evolving threats and escalating risks, understanding and managing your organisation’s cyber defences has become essential to protecting your business. (CDCAT®) is a comprehensive way for organisations to assess their existing cyber defences, identify vulnerabilities and see what improvements should be made.

Its underpinning methodology was developed by the Defence Science and Technology Laboratory (Dstl), for the Ministry of Defence (MOD). Dstl is a government organisation dedicated to ensuring that innovative science and technology contributes to the defence and security of the UK.

Who is CDCAT cyber assessment for?

Any organisation that wants to confirm the effectiveness of its current cyber security controls, or is unsure how to go about establishing its cyber defences.

Do you understand the risks?

According to the UK Government’s Department for Culture, Media and Sport (DCMS) Cyber Security Breaches Survey 2017

• 43% of companies had not attempted to carry out any form of security risk assessment
• 68% had not documented the identified risks in business continuity plans, internal audits or risk registers.

CDCAT® is a registered trade mark of Dstl. All rights reserved.

Cyber Security Standards

Many recognised best practices are built into the tool, for example:

• ISO/IEC 27001
• NIST Cyber Security Framework
• UK’s 10 Steps to Cyber Security
• Cyber Essentials
• CPNI Security for Industrial Control Systems
• Defence Cyber Protection Partnership (DCPP)

The wide selection of standards in the tool allows you to select those most applicable to your organisation, tailoring the assessment to suit your needs.

Benefits of CDCAT

What benefits will CDCAT bring to my organisation?

• Cutting-edge technology Assessments of your organisation’s cyber defence capability are carried out using CDCAT® – a unique approach developed by the MOD and the Defence Science and Technology Laboratory (Dstl).
• Agility Perform rapid assessments of your organisation’s systems and controls to take fast remedial action.
• Tailored expertise Receive tailored advice on your organisation’s defences and cyber security spending.
• Complete scalability Develop an assured strategy regardless of your organisation’s size, systems or market.
• Keep ahead of the threats Cyber threats are continuously evolving – CDCAT®’s mitigations are continuously updated to evolve with the threat.
• Assured cyber security investment Ensure your cyber security spend is based on real and comprehensive evidence.
• Continuous enhancements Monitor the progress of your cyber defences and make repeated assessments to ensure optimal transformation of your organisation’s cyber security.
• Evidence-based reporting Supports compliance programmes and generates evidence to support the General Data Protection Regulation (GDPR) due diligence.

Assessment method:
CDCAT® assessments are conducted by a QA Cyber Consultants who are trained CDCAT assessors.

CDCAT Assessment Summary

To undergo a CDCAT assessment, the scope of the system to be assessed is defined. This could range from a whole organisation, to one main information system, down to a single laptop. The risk tolerance for the system is then agreed - how much business risk is acceptable for that system? This determines the controls and the level of maturity required to be effective against the current threats. If a control is not in place or is not being implemented effectively, this is viewed as a vulnerability and will adversely affect the capability of the organisation to withstand attack. Attackers will always target the weakest link in the security chain. The easily repeatable assessment can take as little as two hours depending on the scope, and produces a report immediately with full explanations. Frequent repetitions enable organisations to be responsive to cyber-criminals’ continuously evolving methods and check any enhancements made to their defences.

Typically, a CDCAT assessment engagement is over three days:

• Day 1 Initial client scoping
• Day 2 CDCAT Assessment with customer team
• Day 3 Delivery of CDCAT Assessment report and customer debrief