Actica Consulting

Cyber Vulnerability Investigation

Actica provides expert resources to enable clients to plan for and undertake Cyber Vulnerability Investigations (CVI) - the Defence ‘gold standard’ in socio-technical analysis of cyber threats - on cloud-dependent systems or platforms in order to understand cyber vulnerabilities as a suitable basis for designing mitigations.

Features

• Understand holistic (socio-technical) cyber risk to cloud-based technologies
• Rigorous adherence to the CVI methodology
• Navigate the ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages
• Expertise in Human Factors as well as Technical threat aspects
• Business analysis, including current, target and transition state mapping
• Incorporates NCSC and Government Digital Service requirements
• Business impact assessment
• Skills transfer, training needs analysis, training development and delivery
• Careful stakeholder management and communication to ensure success

Benefits

• Domain expertise across Defence (Air, Land, Navy, Defence Intelligence)
• Deep CVI methodology expertise
• Actionable information to improve cyber risk profile
• Broad, deep understanding of wider cyber risk analysis best practice
• Align CVI process with business constraints
• Understand benefits of CVI for cloud-dependent technologies
• Empower SROs/ key sponsors to take action on cyber risk
• Underpinned by best practice P3M (PRINCE, MSP, MoP and SAFe)
• Effective stakeholder management and communications planning and delivery

£300 to £1,300 a person a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloud@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

501155075684282

Contact

Michael Murphy
+44 (0) 1483484090
cloud@actica.co.uk

Planning

• Planning service: Yes
• How the planning service works: UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which cloud-dependent systems or platforms are exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:; • Source information gathering and assessment; • SME and cloud industry supplier engagement; • Orientation reporting; • Orientation Transition Review exercise; The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: As part of our CVI service, Actica will provide skills transfer in CVI methodology and cyber risk quantification in the context of cloud-dependent systems and platforms to customer personnel. Where required, Actica can provide more formal training, using CVI specialists and expert trainers to enable organisations to unlock the benefits sought from CVI and embed CVI findings in the organisation’s approach to cloud-based technology. ; Actica is adept at designing high-quality classroom, print, online and video training materials that reflect an organisation’s security requirements, culture and financial constraints as well as conveying the required core content in accessible, easily digested formats. For example, in organisations with a proactive learning culture, Actica will typically supplement formal training offerings with voluntary drop-in sessions (e.g. ‘lunch and learn’) and online, bite-size modules. For other organisations, a more formal blend of classroom training (typically for those most deeply affected by the change to cloud) and Computer-Based Training is likely to be appropriate.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:; • Preliminary and detailed modelling; • Preliminary investigation review; • Mission impact assessment and reporting; • Pink Teaming; • Threat Assessment; The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:; • Attack path analysis; • Red Teaming; • Security Architecture Assessments; • Culture and Human Factors Assessments; • Risk quantification; • Risk mitigation strategy; The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications: Other
• Other security testing certifications:
  • National Cyber Security Centre Accredited Consultancy
  • CCP Certified Consultants

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: N/A

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Pricing

• Price: £300 to £1,300 a person a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloud@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.