National Cyber Security Centre
New Cyber Advisor scheme will offer assured cyber security consultancy services to small and medium sized companies, helping them achieve a minimum standard of security.
The NCSC is currently inviting organisations to help develop a new Cyber Advisor service. The initial 100 Cyber Advisor assessments will be funded by the NCSC.
A Cyber Advisor will be an individual assessed by the NCSC as having a good understanding of baseline security controls and the ability to provide practical help to companies who want to achieve them.
Qualified Cyber Advisors will initially focus on helping their customers meet Cyber Essentials’ five technical controls – firewalls, secure settings, access controls, malware and software updates – by identifying and helping implement improvements that are right for the size and needs of their customer.
A company engaging the help of a Cyber Advisor doesn’t need to be aiming for Cyber Essentials certification; those controls are being used as a baseline as they help guard against the most common cyber attacks.
Under the new scheme those organisations who have a qualified Cyber Advisor on their staff will be able to apply to become an NCSC Assured Service Provider. Only organisations who become Assured Service Providers and employ a qualified Cyber Advisor will be able to offer NCSC Cyber Advisor services to customers.
Information about the initial Cyber Advisor assessments
The NCSC will initially be fully funding the initial 100 Cyber Advisor assessments. Individual applicants - with differing levels of experience and skills, and from diverse backgrounds across the UK - will be selected to test. Those individuals who complete a free assessment will be asked for feedback and to provide data to help the NCSC develop the Cyber Advisor scheme further and ensure that Cyber Advisors can offer the required knowledge and skill set.
Cyber Advisors will be expected to help organisations by:
- Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT identifying where it fails to meet the Cyber Essentials controls.
- Developing reports on the status of the organisation’s Cyber Essentials controls for senior leadership, detailing the requirements that are met and those that are not, describing why controls are not met and the risks the organisation is exposed to, as well as the recommended actions to take.
- Working with the business to agree remediation activities.
- Planning remediation activities that align to the risk and business priorities.
- Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities.
- Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.
If you believe that you have the required knowledge and skill set please apply by contacting the scheme’s delivery partner, IASME. Further information can be found on the IASME website.
Anyone who passes the assessment but who is not employed by an Assured Service Provider will not be eligible to offer Cyber Advisor services.
Cyber Advisor Assured Service Providers
To be eligible to offer Cyber Advisor services under the scheme organisations will need to become an Assured Service Provider registered with IASME and employ at least one formally assessed Cyber Advisor.
An organisation applying to be an Assured Service Provider will be expected to meet requirements demonstrating good cyber security and a commitment to achieving an excellent and consistent customer experience through a quality management system. An annual subscription fee will be levied.
To register your interest in participating in the scheme Proof of Concept and to apply for one of the fully-funded Cyber Advisor assessment places, please complete the application form which can be found on the IASME website.
To register your interest in the current Proof of Concept stage and to apply for one of the fully funded Cyber Advisor assessment places, please complete the brief application form on the IASME page.
Latest News from
National Cyber Security Centre
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains23/11/2023 16:05:00
Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.
NCSC warns of enduring and significant threat to UK's critical infrastructure16/11/2023 10:05:00
The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.
UK and Singapore secure agreement against ransomware payments03/11/2023 10:22:00
Members of the CRI have signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals.
UK and allies support Ukraine calling out Russia's GRU for new malware campaign31/08/2023 16:15:00
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
Categorising UK cyber incidents23/08/2023 16:20:00
Explaining the NCSC and UK law enforcement categorisation model for cyber incidents.
NCSC Cyber Incident Response scheme now available to more organisations16/08/2023 13:10:00
Help investigating and recovering from cyber attack now available from a larger pool of assured providers.
NCSC and allies reveal most common cyber vulnerabilities exploited in 202203/08/2023 16:30:00
New advisory highlights how threat actors exploited a larger number of older software vulnerabilities rather than more recently disclosed flaws last year.
Support from British businesses crucial in removing over 235,000 scams, new figures reveal07/07/2023 10:20:00
The sixth annual report from Active Cyber Defence (ACD) highlights success of a “whole-of-society" approach in preventing millions of cyber attacks from reaching UK organisations and citizens each year.