Jargon Buster
Clear communication is at the heart of the Ascentor approach. There is a lot of jargon in the Information Risk Management business, so we’ve untangled it for you here.
Click on the terms below for a straightforward explanation, A-Z:
CESG is UK Government's National Technical Authority for Information Assurance (IA).
CLAS is the CESG Listed Adviser Scheme. The Scheme creates a pool of high quality consultants approved by CESG to provide Information Assurance advice to Government departments and other organisations that provide vital services for the United Kingdom.
Ascentor has a team of expert IA and CLAS consultants working as part of project delivery teams. Our CLAS consultants have a wealth of experience in understanding the risks to Government systems and identifying real world controls to mitigate those risks. We reduce the dreaded project risks of time and cost overrun.
Cyber security expands on Information Assurance or Information Risk Management to include the ability to proactively respond to threats. Cyber security involves protecting information by preventing, detecting and responding to attacks.
Information Assurance is the confidence that information systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users (from CESG, the National Technical Authority for Information Assurance).
Information Assurance (IA) expands on Information Security to highlight the need for formal assurance requirements. Information Assurance is the term used by most western governments.
Information Risk Management is the solution to managing an organisation's information risks. It is the process of identifying, understanding and managing the risks to your information within the context of an organisation’s business needs. It is what we do here at Ascentor (see: Information Risk Management the Ascentor Way).
Information risks are the threats and vulnerabilities every organisation faces today – the growing need to protect the information we rely on from loss, damage or malicious attack. Information risks, like any risk, can either be:
- Treated: action is taken to reduce the risk
- Transferred: offset, for example by buying insurance
- Terminated: the cause of the risk is removed completely
- Tolerated: accepted by the Board
The action you take depends on your business objectives.
Information security comprises all security controls (physical, procedural, personnel and technical) that are used to protect the confidentiality, integrity and availability of information, regardless of form (on IT systems, hardcopy prints, telephone lines etc.).
Information security is the term used in the commercial world (for government sectors see IA). It is the result we all want – adequate protection for the information we all rely on.
IT or Computer Security refers to the technical security controls used to protect the functionality of IT systems or the information they contain. As would be expected, these controls are biased towards the availability and integrity of systems and towards access controls.
"Modern IT security... At the basic end of the spectrum, this means keeping all software patched, minimising exposure to attack via untrusted networks and auditing for unusual behaviour. At the more complex end, it is about broad and comprehensive monitoring to quickly detect and respond to intrusions. At both ends, it's about ensuring you know when an attacker has got into your network, minimising the (temporary) access they enjoy, ensuring you know what they've done, knowing you can kick them out quickly, and being sure they can't get back in the same way." Dr Ian Levy, Head of CESG, quoted in the Guardian Government Computing, 25 October 2011.
PCI:DSS, the Payment Card Industry Data Security Standard, is the universal standard that applies to any organisation that stores, processes or transmits Cardholder Data (the Primary Account Number and its associated data). The Standard covers any branded payment card (Visa, MasterCard, JCB, Discover, Amex) and is policed by the Acquiring Banks under their contracts with retailers.
Information on how Ascentor can help you achieve PCI:DSS accreditation is available here.
The Public Service Network (PSN) will create the effect of a single network across the UK public sector, delivered through multiple service providers. It aims to create a more efficient marketplace for public sector ICT services, and ensure ongoing value and innovation, while reducing costs. The PSN is the enabling network layer for the Government ICT Strategy.
Any organisation or system connecting to the network will need to be compliant.
Find out how Ascentor can help your organisation to achieve compliance here.