Actica Consulting

Cyber Vulnerability Investigation

Actica provides expert resources to enable clients to plan for and undertake Cyber Vulnerability Investigations (CVI) - the Defence ‘gold standard’ in socio-technical analysis of cyber threats - on cloud-dependent systems or platforms in order to understand cyber vulnerabilities as a suitable basis for designing mitigations.

Features

  • Understand holistic (socio-technical) cyber risk to cloud-based technologies
  • Rigorous adherence to the CVI methodology
  • Navigate the ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages
  • Expertise in Human Factors as well as Technical threat aspects
  • Business analysis, including current, target and transition state mapping
  • Incorporates NCSC and Government Digital Service requirements
  • Business impact assessment
  • Skills transfer, training needs analysis, training development and delivery
  • Careful stakeholder management and communication to ensure success

Benefits

  • Domain expertise across Defence (Air, Land, Navy, Defence Intelligence)
  • Deep CVI methodology expertise
  • Actionable information to improve cyber risk profile
  • Broad, deep understanding of wider cyber risk analysis best practice
  • Align CVI process with business constraints
  • Understand benefits of CVI for cloud-dependent technologies
  • Empower SROs/ key sponsors to take action on cyber risk
  • Underpinned by best practice P3M (PRINCE, MSP, MoP and SAFe)
  • Effective stakeholder management and communications planning and delivery

Pricing

£300 to £1,300 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloud@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 0 1 1 5 5 0 7 5 6 8 4 2 8 2

Contact

Actica Consulting Michael Murphy
Telephone: +44 (0) 1483484090
Email: cloud@actica.co.uk

Planning

Planning service
Yes
How the planning service works
UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which cloud-dependent systems or platforms are exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Source information gathering and assessment
• SME and cloud industry supplier engagement
• Orientation reporting
• Orientation Transition Review exercise
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
As part of our CVI service, Actica will provide skills transfer in CVI methodology and cyber risk quantification in the context of cloud-dependent systems and platforms to customer personnel. Where required, Actica can provide more formal training, using CVI specialists and expert trainers to enable organisations to unlock the benefits sought from CVI and embed CVI findings in the organisation’s approach to cloud-based technology.
Actica is adept at designing high-quality classroom, print, online and video training materials that reflect an organisation’s security requirements, culture and financial constraints as well as conveying the required core content in accessible, easily digested formats. For example, in organisations with a proactive learning culture, Actica will typically supplement formal training offerings with voluntary drop-in sessions (e.g. ‘lunch and learn’) and online, bite-size modules. For other organisations, a more formal blend of classroom training (typically for those most deeply affected by the change to cloud) and Computer-Based Training is likely to be appropriate.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Preliminary and detailed modelling
• Preliminary investigation review
• Mission impact assessment and reporting
• Pink Teaming
• Threat Assessment
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Attack path analysis
• Red Teaming
• Security Architecture Assessments
• Culture and Human Factors Assessments
• Risk quantification
• Risk mitigation strategy
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Yes
Security testing certifications
Other
Other security testing certifications
  • National Cyber Security Centre Accredited Consultancy
  • CCP Certified Consultants

Ongoing support

Ongoing support service
No

Service scope

Service constraints
None

User support

Email or online ticketing support
No
Phone support
No
Web chat support
No
Support levels
N/A

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Pricing

Price
£300 to £1,300 a person a day
Discount for educational organisations
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloud@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.