Cyber Advisor


Undertake the duties of Cyber Advisor to the NCSC UK Cyber Essentials standards

Cyber Essentials and Cyber Essentials Plus (individually and together referred to as the Scheme) are owned by NCSC and managed for NCSC by IASME Consortium Limited who are NCSC’s exclusive Cyber Essentials Partner. The Scheme requirements for IT infrastructure from April 2023 v3.1

To identify cyber security risks, we look at three key areas: Technology, Processes and People. These give a good indication of where risk mitigations need to be implemented to increase protection. As with any risk to a business you cannot 100% guarantee it will not happen, but you can reduce the risks significantly by implementing basic cyber security practices.

There are five controls in Cyber Essentials

  1. Use a firewall to secure your internet connections
  2. Use secure settings for your devices and software
  3. Control who has access to your data and services
  4. Protect yourself from viruses and other malware
  5. Keep your devices and software up to date

This consulting offer provides a professional service that helps customers get started, configuring features, features that have been left default and extending their use to meet the five simple controls of Cyber Essentials and Cyber Essentials Plus. We do this by providing expertise, capabilities and the know-how that may not be available in-house, following the duties of a Cyber Advisor and extending capabilities and use inside Microsoft 365.

D1 Conduct Cyber Essentials gap analysis. The advisor will assess the organisation and its internet-facing IT identifying where the organisation meets and fails to meet the Cyber Essentials controls.

D2 Develop and present reports on the status of Cyber Essentials controls. After completing a gap analysis, the advisor will prepare a report targeted at senior leadership within a business, detailing the Cyber Essentials requirements that are met and those that are not met. For those not met, the report will describe why the control is not met, the risks the business are exposed to, and the recommended actions the company should take.

D3 Agree remediation activities for Cyber Essentials controls. The advisor will work with the business, its IT Team (if they have one) and the senior leadership team to agree on the remediation activities which should be implemented.

D4 Plan remediation activities sympathetically to operations activities. The advisor will plan remediation activities that align to the risk and business priorities agreed with the senior leadership team.

D5 Implement remediation activities sympathetically to operational activity. The advisor will implement or guide technical teams in implementing remediation activities that align with the risk and business priorities agreed with the senior leadership team.

D6 Develop and present post-remediation/engagement reports. Either post-remediation or at the end of the engagement, the advisor will prepare and present a report aimed at the business's senior leadership team; this will summarise the engagement, detail any remediation work completed, point out any residual risk with recommendations for reducing those risks.

See Pricing based on organisation size and complexity.

We work In partnership with the UK Police Cyber Resilience Centre Download our FREE information pack and become one of the many local businesses benefitting from expert guidance and toolkits designed to help boost your business's cyber resilience levels against cyber-attacks.

Other benefits include: A free 30 minute cyber health consultation: To help you understand your current business cyber-related related risks and whether our services could improve your business's ability to prevent a cyber-attack.

A monthly newsletter full of tips, tricks, and resources to help you tackle current cyber threats and trends.

​Access to affordable and professional cyber security services including a service that can test how strong your website is against the most common types of cyber-attacks.

Entry into our monthly prize draw: Each month, every new member is entered into a prize draw to be in with a chance of winning a Security Awareness Training session, a First Step Web application Assessment, a Corporate Internet Investigation, or an Individual Internet Investigation, worth £500 for their organisation.

Free and easy-to-follow cyber security exercises and toolkits from the National Cyber Security Centre for you to run with your employees.

Invites to all SECRC webinars, roadshow events and conferences.

At a glance