Professional CYBER SECURITY Consulting

Take Your Business Safely To New Heights
Learn MoreGet Started

GIVE Your Business CHOICES Today!

Book A Free Consultation

Don’t Settle For Less

Our Consulting Services

Keeping your business safe is no longer as simple as locks and roller shutters. Most business now heavily rely on digital services, from email to file storage, web services to online meetings, we’ve moved nearly everything to the ‘cloud’.

Employing dedicated staff to manage the security and compliance of your digital footprint can be expensive……and that’s why 10Steps was formed, to provide highly skilled, approved, and licensed expertise when you need it.

Cyber Certification

We are a licenced Certification Body for:

Cyber Essentials

IASME Governance

IoT Fundamentals

vCISO Consultancy

Providing an independent vCISO high value service, enabling you to gain the best value of current investment or service provider..

Counter Fraud Certification

We are a licensed Certification Body for Counter Fraud Fundamentals

Supply Chain Risk Assurance

We provide a service to Risk Assess your suppliers to provide evidence of your due diligence.

So what are the 10 Steps?

Risk Management

Risk management in the cyber security domain helps ensure that the technology, systems and information in your organisation are protected in the most appropriate way, and that resources are focussed on the things that matter most to your business.
Engagement and training

Good security takes into account the way people work in practice, and doesn’t get in the way of people getting their jobs done. People can also be one of your most effective resources in preventing incidents (or detecting when one has occurred), provided they are properly engaged and there is a which encourages them to speak up. Supporting your staff to obtain the skills and knowledge required to work securely is often done through the means of awareness or training.

Asset Management

Asset management encompasses the way you can establish and maintain the required knowledge of your assets. Over time, systems generally grow organically, and it can be hard to maintain an understanding of all the assets within your environment. Incidents can occur as the result of not fully understanding an environment, whether it is an unpatched service, an exposed cloud storage account or a mis-classified document.

Configuration

The technology and cyber security landscape is constantly evolving. To address this, organisations need to ensure that good cyber security is baked into their systems and services from the outset, and that those systems and services can be maintained and updated to adapt effectively to emerging threats and risks.

Vulnerability Management

The majority of cyber security incidents are the result of attackers exploiting publicly disclosed vulnerabilities to gain access to systems and networks. Attackers will, often indiscriminately, seek to exploit vulnerabilities as soon as they have been disclosed. So it is important (and essential for any systems that are exploitable from the internet) to install security updates as soon as possible to protect your organisation. Some vulnerabilities may be harder to fix, and a good vulnerability management process will help you understand which ones are most serious and need addressing first.

Access Management

Access to data, systems and services need to be protected. Understanding who or what needs access, and under what conditions, is just as important as knowing who needs to be kept out. You must choose appropriate methods to establish and prove the identity of users, devices, or systems, with enough confidence to make access control decisions. A good approach to identity and access management will make it hard for attackers to pretend they are legitimate, whilst keeping it as simple as possible for legitimate users to access what they need.

DATA Security

Data needs to be protected from unauthorised access, modification, or deletion. This involves ensuring data is protected in transit, at rest, and at end of life (that is, effectively sanitising or destroying storage media after use). In many cases data will be outside your direct control, so it important to consider the protections that you can apply as well as the assurances you may need from third parties. With the rise in increasingly tailored attacks preventing organisations from accessing their systems and data stored on them, other relevant security measures should include maintaining up-to-date, isolated, offline backup copies of all important data.

Monitoring

Collecting logs is essential to understand how your systems are being used and is the foundation of security (or protective) monitoring. In the event of a concern or potential security incident, good logging practices will allow you to retrospectively look at what has happened and understand the impact of the incident. Security monitoring takes this further and involves the active analysis of logging information to look for signs of known attacks or unusual system behaviour, enabling organisations to detect events that could be deemed as a security incident, and respond accordingly in order to minimise the impact.

Incident Management

Incidents can have a huge impact on an organisation in terms of cost, productivity and reputation. However, good incident management will reduce the impact when they do happen. Being able to detect and quickly respond to incidents will help to prevent further damage, reducing the financial and operational impact. Managing the incident whilst in the media spotlight will reduce the reputational impact. Finally, applying what you’ve learned in the aftermath of an incident will mean you are better prepared for any future incidents.

Supply Chain Security

Most organisations rely upon suppliers to deliver products, systems, and services. An attack on your suppliers can be just as damaging to you as one that directly targets your own organisation. Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it. The first step is to understand your supply chain, including commodity suppliers such cloud service providers and those suppliers you hold a bespoke contract with. Exercising influence where you can, and encouraging continuous improvement, will help improve security across your supply chain.

Get In Touch

Unit 4a, 7 Martin Street, Brighouse
0800 7 999 510
ADMIN@10STEPS.ORG.UK