WIREDGOV

Increased home working is likely to become more commonplace, even as restrictions lift. This means there are new cyber security challenges to manage, and new technology to be implemented securely. There has also been an increase in the likelihood and impact of cyber attacks during the pandemic, with rises in attacks such as phishing, malware and denial of service (DoS).

To help you manage these new challenges and threats, it’s important you choose the right service provider.

What is the NCSC?

The NCSC is the UK’s National Technical Authority for cyber security incidents. It was formed in 2016, bringing together expertise from the National Technical Authority for Information Assurance (CESG), the Centre for Cyber Assessment, the Computer Emergency Response Team (CERT-UK) and the Centre for Protection of the National Infrastructure to provide a unified national response to cyber threats.

The government’s approach to tackling and managing cyber threats is outlined in the National Cyber Security Strategy 2016-2021.

What are NCSC assured service providers?

By using services offered by NCSC assured suppliers, you can be confident that they meet the National Technical Authority’s standard for high quality.

The NCSC offers assurance for a range of services including consultancy, incident response and penetration testing.

Consultancy services

Certified cyber security consultancy can give you independent, expert advice on a wide and complex range of issues.

NCSC assured consultancy companies can offer the following services:

• audit and review
• risk assessment
• risk management
• security architecture

Incident response

Assured cyber incident response providers help organisations that have been the victim of a cyber attack. This includes understanding the incident, advising how to put steps in place to help protect against attacks in the future, and working with regulators, lawyers, law enforcement and board members, if required.

Penetration testing (CHECK)

CHECK is the term for the NCSC approved penetration testing providers and the methodology used to conduct a penetration test. Companies providing CHECK services use staff who hold NCSC approved qualifications and have suitable experience. Penetration tests are an authorised test of a computer network or system designed to look for security weaknesses. The report and recommendations are produced to a recognised standard.

CHECK was developed for the public sector and organisations forming the UK’s critical national infrastructure (CNI).

What are the benefits of using NCSC assured service providers?

NCSC assured service providers have:

• met the NCSC’s standards and can be trusted to act in NCSC’s name
• a proven track record in delivering high quality consultancy services s
• a defined process for working with customers to understand their needs and tailor advice accordingly
• demonstrated a clear understanding of current and potential cyber threats and techniques and potential effective mitigations
• been independently and rigorously assessed
• shown that they act with integrity objectivity and proportionality
• protect the customer’s confidentiality and integrity and comply with relevant laws and regulations
• a commitment to continuously improve the services offered to meet the evolving needs of customers

How can you buy NCSC assured services?

We worked in partnership with NCSC to develop the Cyber Security Services 3 dynamic purchasing system (DPS). It provides a central route to buy NCSC assured services to help you manage and improve your security function.

The DPS allows you to filter for NCSC assured services, choosing the services and supplier accreditations you need. You can also access suppliers who are not NCSC assured and hold alternative cyber security credentials.

Do you have a cyber security requirement? For more information about Cyber Security Services 3, you can:

• visit our website
• view our on-demand webinar on what you can buy and how to buy through the agreement
• contact our experts by completing our online form