Actica Consulting

Cyber Vulnerability Investigation

Actica provides expert resources to enable clients to plan for and undertake Cyber Vulnerability Investigations (CVI) - the Defence ‘gold standard’ in socio-technical analysis of cyber threats - on cloud-dependent systems or platforms in order to understand cyber vulnerabilities as a suitable basis for designing mitigations.

Features

  • Understand holistic (socio-technical) cyber risk to cloud-based technologies
  • Rigorous adherence to the CVI methodology
  • Navigate the ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages
  • Expertise in Human Factors as well as Technical threat aspects
  • Business analysis, including current, target and transition state mapping
  • Incorporates NCSC and Government Digital Service requirements
  • Business impact assessment
  • Skills transfer, training needs analysis, training development and delivery
  • Careful stakeholder management and communication to ensure success

Benefits

  • Domain expertise across Defence (Air, Land, Navy, Defence Intelligence)
  • Deep CVI methodology expertise
  • Actionable information to improve cyber risk profile
  • Broad, deep understanding of wider cyber risk analysis best practice
  • Align CVI process with business constraints
  • Understand benefits of CVI for cloud-dependent technologies
  • Empower SROs/ key sponsors to take action on cyber risk
  • Underpinned by best practice P3M (PRINCE, MSP, MoP and SAFe)
  • Effective stakeholder management and communications planning and delivery

Pricing

£300 to £1300 per person per day

Service documents

G-Cloud 11

757967196230084

Actica Consulting

Michael Murphy

+44 (0) 1483484090

cloud@actica.co.uk

Planning

Planning
Planning service Yes
How the planning service works UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which cloud-dependent systems or platforms are exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Source information gathering and assessment
• SME and cloud industry supplier engagement
• Orientation reporting
• Orientation Transition Review exercise
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
Planning service works with specific services No

Training

Training
Training service provided Yes
How the training service works As part of our CVI service, Actica will provide skills transfer in CVI methodology and cyber risk quantification in the context of cloud-dependent systems and platforms to customer personnel. Where required, Actica can provide more formal training, using CVI specialists and expert trainers to enable organisations to unlock the benefits sought from CVI and embed CVI findings in the organisation’s approach to cloud-based technology.
Actica is adept at designing high-quality classroom, print, online and video training materials that reflect an organisation’s security requirements, culture and financial constraints as well as conveying the required core content in accessible, easily digested formats. For example, in organisations with a proactive learning culture, Actica will typically supplement formal training offerings with voluntary drop-in sessions (e.g. ‘lunch and learn’) and online, bite-size modules. For other organisations, a more formal blend of classroom training (typically for those most deeply affected by the change to cloud) and Computer-Based Training is likely to be appropriate.
Training is tied to specific services No

Setup and migration

Setup and migration
Setup or migration service available Yes
How the setup or migration service works UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Preliminary and detailed modelling
• Preliminary investigation review
• Mission impact assessment and reporting
• Pink Teaming
• Threat Assessment
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.
Setup or migration service is for specific cloud services No

Quality assurance and performance testing

Quality assurance and performance testing
Quality assurance and performance testing service Yes
How the quality assurance and performance testing works UK Defence (Dstl and MOD) has developed a robust, repeatable, methodology which allows CVIs to be completed at scale and pace across multiple complex systems. CVIs are increasingly being delivered by industry. Under our CVI service, Actica Consulting provides expert resources to plan for and carry out CVIs, providing an extremely thorough, high-assurance view of the cyber vulnerabilities to which a system or platform is exposed. We help clients navigate the CVI ‘Orientate’, ‘Understand and Model’, ’Assess’ and ‘Quantify’ stages, ensuring clarity of purpose, careful stakeholder management and rigorous analysis throughout, including:
• Attack path analysis
• Red Teaming
• Security Architecture Assessments
• Culture and Human Factors Assessments
• Risk quantification
• Risk mitigation strategy
The core of our service is conducting CVI Tier 1 investigations into cloud-dependent systems and platforms, from initial information gathering through Orientation Transition Review; Preliminary Investigation Review; Pink Team; Red Team; Risk Workshop, and; development of the final CVI Report. Where a further Tier 2 investigation is recommended Actica can support you in completing this.

Security testing

Security testing
Security services Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers Yes
Security testing certifications Other
Other security testing certifications
  • National Cyber Security Centre Accredited Consultancy
  • CCP Certified Consultants

Ongoing support

Ongoing support
Ongoing support service No

Service scope

Service scope
Service constraints None

User support

User support
Email or online ticketing support No
Phone support No
Web chat support No
Support levels N/A

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Pricing

Pricing
Price £300 to £1300 per person per day
Discount for educational organisations No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑