Cyber Security Risk Assessment and Gap Analysis

A thorough and structured assessment of your cyber risks with priorities for remediation.

Online Risk Assessment

Take our free online risk assessment and get instant results and an action plan.

The Demise of IS1 & 2 – Are Risk Assessments Really Worth the Effort?

Is Regret The Ultimate Risk Assessment Factor?

Managing Information Risk: Why Do a Risk Assessment?

Free Cyber Security Maturity Assessment resources

The essential Cyber Essentials Certification to demonstrate good practice when it comes to information security. Ascentor offer a cost effective self service process for those that don't need expert support.

Cyber Security Maturity Assessment

A focused assessment of your cyber security maturity so you can prioritise investment, resources and action to improve.

Case study: Information Risk Management Consultancy for Resilient plc

How certification in essential information and cyber security standards with Ascentor helped increase security awareness and build a strong security culture. 

Information Risk Healthcheck

Information Risk Healthcheck

A specialist review of your information and cyber risk management status with recommendations.

10 Top Tips for Writing Information Risk Appetite Statements

Balancing Information Risk With Commercial Opportunity

Once Upon a Time – the Information Risk Management Bed Time Story

The Ideal Profile of the Risk Assessor

Case study: Independent assurance for SeeByte UK’s approach to security

How Ascentor helped SeeByte UK give customers the confidence that they are dealing with a secure, trusted and resilient supply chain organisation.

How to prepare your company for achieving List N

Case study: The Office for Nuclear Regulation (ONR)

How Ascentor helped the Office for Nuclear Regulation (ONR) develop a risk-based assessment methodology for CS&IA inspections of List N facilities.

How to Buy from Ascentor

What’s the difference between cyber security and cyber resilience – and why does resilience matter?

April 24, 2019

Ascentor commended at the Team Defence Information Excellence awards DI19

Ascentor’s integration of Information Assurance (IA) into the defence project lifecycle phases has been recognised at the Defence Information conference, DI19

What is shadow IT and how do you manage it?

Why step up your cyber security strategy?

The most popular cyber security standards explained

Government Suppliers

Public Sector

Project Information Security – Supply Side

Expert, independent security help at the bid or delivery stage of your government project.

Cyber Security Remediation Services

Support your cyber security improvement programme by fixing identified problems and filling in the gaps.

The IASME Governance Standard

A government-backed security standard – an appropriate and cost-effective alternative to ISO 27001 for the smaller business.

Cyber Security Excellence

Cyber Security Basics

The OT and IT debate – is our critical infrastructure safe?

A look back at cyber security in 2017

BIM, Security and the Building Lifecycle

Seven steps to designing a resilient Cyber Security Programme

Are you sure it’s just an RMADS you need?

Case study: Security consultancy for MOD project

How Ascentor’s CESG Certified Professional Security and Information Risk Advisor consultants achieved a successful MOD project transition in three months.

Case study: Specialist security advisors to MOD delivery team

How Ascentor’s Security Assurance Coordinator advice and guidance helped this MOD team deliver OEM security compliance to maintain project pace.

Case study: Specialist security advisors to MOD programme

How Ascentor helped the prime contractor deliver a fully compliant system in accordance with the MOD policy and requirements in just under four months.

How to manage Building Information Modelling (BIM) implementation – Part 2 of 2

An introduction to Building Information Modelling (BIM) – Part 1 of 2

‘Not if but when’ – 2017 UK cyber security in focus

The UK Cyber Security Strategy 2016-2021 – A New Sheriff in Town?

Supply Chain Cyber Security – defeating the weakest link (Part 2)

Reflections on CyberUK in Practice – CESG’s government security conference

“In cyber security there is no front line” – An update to the Cyber Security Model

Data Protection – your ‘need to know’ list is getting longer

MOD Suppliers – the new Cyber Essentials requirements explained

Cutting through the confusion: Government Information Assurance changes explained (part 2 of 3)

The Cyber Security Model for the Defence Industries – why it matters and how to be ready

Cutting through the confusion: Government Information Assurance changes explained (part 1 of 3)

What is ‘IL3’ and why are so many searching for it?

Generation Y and information security – a cyber criminal’s dream?

March 7, 2014

Ascentor selected as first licensed assessors for IASME – the new cyber security standard for SMEs

For more information on the IASME standard please contactDave James. Tel: 01452 881712 Email: [email protected]

Tips for Security Assurance Coordinators on MoD projects

Cyber Security for Government Suppliers: New IA Frameworks and Standards Are On the Way

Nigel Griffiths

IA Consultant

Expertise: Nigel has a military comms background and now fulfils lead accreditation roles on sensitive government projects. He is Prince 2 trained and he is expert in government infosec policy and strategy guidance including security risk assessments, risk mitigating controls and the application and use of ISO 27001, SPF and IAMM.

Badges: HND in Electronics and Telecommunications engineering, CISSP, Certified Ethical Hacker (CEH), Prince 2 Practitioner, ISO 27001 auditor trained.

Style: Versatile and results-focused; loves a challenge.

Loves:  Rugby, reading, Greek food and computers

Five Steps to G-Cloud Accreditation

Anti-Virus Protection for Your Business – Have you Got it Right?

Could BYOD Spell Disaster for Government Suppliers?

Top Tips for Government Security Leads – Part 2

Public Services Network (PSN) Accreditation – The Process Explained

Top Tips for Government Security Leads – Part 1

Paul Trethewey

IA Consultant

Expertise: Ex-Royal Corps of Signals, Paul has intelligence, electronic warfare and information operations experience. He joined Ascentor Ltd in 2009 and specialises in accreditation, risk assessment and risk management, often fulfilling Security Assurance Coordinator roles.

Badges: Master’s Degree (Distinction) Combined Studies, SCCP SIRA, M.Inst.ISP, CISSP, CISM, MoR Practitioner, ISO 27001:2013 Lead Auditor, Business Continuity Management Practitioner, CISMP, CompTIA Network+, MAPM, Prince 2 Practitioner, ITIL V3 Foundation and EU GDPR Practitioner

Style: Personable and focused on getting the job done.

Loves: Walking, DIY and travelling.

Colin Dixon

Principal Consultant

Contact for: All aspects of information risk including risk assessments, risk mitigation (policy, processes, procedure, technical); PCI DSS projects or audit; Change projects or programs.

Email: [email protected]
Telephone: 01452 881712
Connect with Colin Dixon on LinkedIn

Specialist expertise: Colin is a leading authority on corporate governance and legal compliance as it relates to the risks from, and as a consequence of, reliance on information. Colin has persuaded numerous organisations to move from initial naivety in information risk management to managing an appropriate level of risk appetite, both as information security manager and an external consultant. He works with Board Directors and senior executives within all types of organisation.

Colin is a long term Qualified Security Assessor for the Payment Card Industry Data Security Standard (PCI DSS) and lead QSA for many large and medium sized organisations.

Specialist interests: PCI DSS, c orporate governance and information risk, outsourcing, risk assessment, due diligence.

Career summary:

  • Head of risk MWR
  • Head of risk IRM
  • Project manager ISF
  • Information Risk manager BBC
  • Information Security Practice manager PA Consulting
  • Head of technical support Foreign Office
  • Information security manager Foreign Office

Qualifications/accreditations: MBCS,CITP

Colin loves: Farming, blacksmithing and stickmaking.

Susan Dimond-Brown

IA Consultant

Expertise: Susan fulfils Security Assurance Coordinator and accreditation roles on sensitive government projects. Her expertise includes government infosec policy and strategy guidance including security risk assessments, risk mitigating controls and the application and use of ISO 27001, SPF and IAMM.

Badges: CISSP, CEH, CHFI, ITPC HMG Practitioner and Accreditor.

Style: Dedicated and customer-focused with deep attention to detail.

Loves:  All kind of sports (except darts and snooker), walking, reading and playing golf.

Cyber Essentials is changing – our overview

The NHS response to cyber crime – effective measures and why they matter

How will a maturity model strengthen your cyber security?

The NIST Cybersecurity Framework explained – inc. version 1.1

Less rules, more goals. How recent changes in regulatory approaches can enable innovation in information security


August 10, 2018

QI Consulting partners with Ascentor for BBC Framework

QI Consulting has been awarded a place on the BBC’s new Consultancy Services Framework II, which starts…

How to pass Cyber Essentials PLUS first time

CCP Consultants

Our consultants include CCP Accreditors, Senior Information Risk Officers (SIROs) and Information Assurance (IA) Architects. 

Cloud Controls Matrix

A framework of cloud security principles for cloud vendors and buyers.

PAS 1192-5 (BIM) Consultancy

For the security-minded management of Building Information Modelling (BIM) and digital built environments. 

List N

A facilities security clearance for companies within the civil nuclear industry supply chain that handle Sensitive Nuclear Information (SNI).

List X

List X status will confirm that your chosen secure facility meets the relevant UK Government standard for storing classified material.

NIS Directive – NIS (D)

The EU directive for Operators of Essential Services and Digital Service Providers to manage risks to their network and information systems.

Cyber Essentials Scheme

Protect your business from the vast majority of low level basic cyber threats - and gain valuable certification.

The NIS Directive explained – compliance and guidance

Measuring and understanding cyber security effectiveness – where do you start?

What can you do when a patch goes wrong?

July 13, 2017

BIM and GDPR services added to Ascentor’s G-Cloud listings

G-Cloud 9, the latest iteration of the easy-to-use Crown Commercial Service (CCS) contractual framework, went live in 22nd May 2017…

How to prepare your company for achieving List X

GDPR: Do you really need a Data Protection Officer (DPO)?

Ten steps to GDPR compliance

GDPR: What does it really mean for your organisation?

Cutting through the confusion: GDPR and Brexit

Cyber security training for the procurement profession – strong on theory, weak in practice?

An ounce of prevention could be worth a ton of cyber attack cure

Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)

CLAS Consultancy is dead – long live the CCSC scheme?

Preparing for the NIS Directive – a new cyber security baseline for Europe

IA, IASME, CREST – the Cyber Essentials alphabet soup explained

October 25, 2012

Ascentor Welcomes CESG’s IA Professionals Certification Scheme

CESG today announced the launch of a scheme to certify the competence of Information Assurance and Cyber Security professionals in…

Ascentor’s 5 Minute Guide to IAMM

What is PCI DSS?