Category Archives: Information Security for Government Suppliers

How to prepare your company for achieving List X

Top secret file

 

 

 

 

 

 

 

 

Here at Ascentor we get many companies asking us how they can become a List X company. The answer is always the same – it is not something that you can just do; you must have a contract, usually with the MOD, that requires you to hold sensitive government assets on your own premises. However, there are a few things you can do to prepare if you think a contract may be forthcoming.

This blog aims to give you a few hints and tips about some pragmatic steps you can take to get you up and running as a List X company much quicker. Continue reading “How to prepare your company for achieving List X” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

An introduction to Building Information Modelling (BIM) – Part 1 of 2

Building Information Modelling

 

 

 

 

 

 

 

 

If you run your own construction business or manage large building projects, you will know about the many professions and trades that need to come together to contribute to a modern building or refurbishment. But does information risk and cyber security come into your thinking? If not, it should.

Such projects require detailed information to be transferred between partners such as designers and architects at the planning stage, followed by the construction teams.  A variety of software tools are available to support this process such as 3D modelling packages, CAD software and project management tools.

All of this generates large volumes of data that must be accurate and which has to get to the right people on time. What’s more, it has to be safe from threats – and remain that way. Continue reading “An introduction to Building Information Modelling (BIM) – Part 1 of 2” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Ascentor expands capabilities on Digital Outcomes and Specialists 2

Digita

 

 

 

 

 

 

 

 

Public sector organisations, agencies and associated bodies can now buy more Ascentor services through the Digital Outcomes and Specialists (DOS) Framework.

Ascentor’s cyber security and information assurance consultants have a background in government security and extensive experience in a variety of Information Assurance (IA) disciplines. In the second iteration of the DOS framework, Ascentor’s Digital Outcomes capabilities cover a range of security topics – IA certification, policy, threat modelling, risk management, infrastructure reviews and firewall audits. We can also offer project management, and process and system auditing. Continue reading “Ascentor expands capabilities on Digital Outcomes and Specialists 2” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

‘Not if but when’ – 2017 UK cyber security in focus

2017-uk-cyber-security

 

 

 

 

 

 

 

 

2017 is Ascentor’s thirteenth year in information risk management. Over the years we’ve helped public and private sector organisations address the challenging landscape of cyber security and information assurance. Each year brings different threats – those we already recognise evolve, others are completely new. At the same time the legislative horizon changes as new standards and regulations come into force.

We started 2017 by quoting a tweet from John Chambers, CEO of Cisco, that is as good as any in describing the challenges of the year ahead. “There are two types of organisation: those that have been hacked & those that don’t know they’ve been hacked.” So, it’s increasingly a case of ‘not if but when’ – and a lot of household-name organisations know how painful that felt last year. Continue reading “‘Not if but when’ – 2017 UK cyber security in focus” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

The Future of Information Assurance Accreditation

Checkbox on digital screen

 

 

 

 

 

 

 

 

Ascentor’s Paddy Keating attended the SUAC – Accreditors’ Professional Update and Development Event 2016 on 2-3 November 2016. One of the main topics regarded the future of accreditation within government centred on a recent consultation paper entitled Assuring Information Services for Government prepared by the Accreditation Specialism Advisor Group (ASAG).

The paper identified some drivers for change including efficiency, quality and speed but it also identified the underlying problem of accreditation and accreditors themselves having bad press. Here are Paddy’s reflections on the day. Continue reading “The Future of Information Assurance Accreditation” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

Supply Chain Cyber Security – defeating the weakest link (Part 1)

Cyber chain 2

 

 

 

 

 

 

 

 

It’s an everyday story but it could happen in your business – right under your nose and far more easily than you could have imagined. Who’d have thought that a contractor would cost millions in lost revenue and nearly bring the business to its knees? But that’s what a weak link in your supply chain cyber security can do.

Picture the scene… Brian parks in the street around the corner from work and walks down the side of his company building. The back door, propped half open by the fire extinguisher, makes entry a breeze. He takes off his balaclava and walks down the corridor to the server room. Brian provides IT support to this and other local companies and, as IT system administrator, he has the keys to the server room door… Continue reading “Supply Chain Cyber Security – defeating the weakest link (Part 1)” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Cyber Insurance – can you ever be fully covered?

Cyber insurance image

 

 

 

 

 

 

 

 

Whether it be from hackers, careless employees, malicious insiders or ransomware (pick your own threat list) – organisations are under increasing risk of cyber attack. And, wherever there is a risk – there’s the option of insurance.

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), has been around for over a decade. Now, as cyber threats grow, cyber insurance looks set to join other business insurance policies in the risk management toolkit. But, can it really adequately compensate against the consequences of an attack? Continue reading “Cyber Insurance – can you ever be fully covered?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Reflections on CyberUK in Practice – CESG’s government security conference

CyberUK

 

 

 

 

 

 

 

Ascentor went to the ‘CyberUK in Practice’ event in Liverpool on the 24th and 25th May, organised by CESG. Bringing government, industry and the wider public sector together, the event addressed how we can collectively make the UK safer online.

Over 900 delegates attended, with 60 speakers from government and industry. There was no shortage of topics covered and new developments shared. Indeed, Alex Dewdney, Director of Cyber Security at GCHQ described the event as a ‘step change in how government does cyber security.’

So, with a little time to reflect on the event, we’ve summarised what we thought were the main cyber security discussion points for government and industry. Continue reading “Reflections on CyberUK in Practice – CESG’s government security conference” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

“In cyber security there is no front line” – An update to the Cyber Security Model

Trench image

 

 

 

 

 

 

 

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and have information security governance policies in place. 

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor info@ascentor.co.uk

The following article will tell you more about the CSM…


In August 2015 Ascentor first highlighted the proposals from the MOD to manage the risk to its information from supply chain companies by introducing the Cyber Security Model (CSM). The CSM is a methodology to assess the cyber risk for individual contracts which then mandates that suppliers meet a consistent standard of cyber security.

To update our coverage of CSM, we look at recent developments ahead of the planned roll out, now expected at the end of July 2016. Continue reading ““In cyber security there is no front line” – An update to the Cyber Security Model” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)

Lost and confused signpost

 

 

 

 

 

 

 

Part 3 of 3. This is the third in a series of blog articles where Ascentor discusses some of the recent UK Government Information Assurance changes – and what they mean for you.

Written to be concise, they explain the essential ‘need to know’ facts and implications with links to read further should you wish.

This time our lens has a European focus as we cover two EU regulations that could have a significant impact on the protection of UK data.

In part 3 of the series, we look at:

  • Safe Harbor and Privacy Shield
  • The EU General Data Protection Regulation (GDPR)
  • The Certified Cyber Security Consultancy (CCSC) scheme

Continue reading “Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share
 
Buy Cialis in UK