NTA's consultancy services
Local authorities need to sign up to the Code of Connection (CoCo) that defines the minimum standards and processes that an authority must comply with before being able to connect to GCSx. Achieving compliance to the CoCo requires the local authority to provide a compliance statement and supporting comment against a number of security control measures. As part of this, each authority must complete an annual IT Health Check. As a CESG CHECK co-founder NTA provide this service for local authorities throughout the UK and the scope of a typical ITHC includes:
- Network summary that will identify all IP addressable devices
- External gateway penetration testing
- Network Analysis, exploitable switches, gateways
- Vulnerability analysis, patch levels, poor passwords, services used
- Exploitation (Optional), next step after a,b & c but LA should be aware of the danger of potentially crashing or making the system unstable
- Summary Report with recommendations with an annex of more comprehensive detail.
For details of how NTA can work with you to achieve compliance and to find out more details concerning the exact scope that would apply to your authority please contact NTA Monitor.
A vital first step towards securing networks and data is the completion of a risk assessment, allowing for the resources that require protection to be determined and for risks that may impact them to be identified and quantified. Assessment may be company wide or project specific. Please contact NTA to discuss the options that are available.
IT security policies and procedures are typically developed after the completion of a risk assessment or following a change within the organisation, such as the introduction of a new application. NTA can assist organisations in the drafting of such policies or can provide an independent 'best practice' review of the documentation currently in place.
NTA can assist organisations which are working towards information assurance programmes, from the development of a bespoke ISMS (Information Security Management System) to the achievement of industry standards, such as ISO27001 or PCI DSS.
NTA's Web Stress Test provides a customised assessment of your web application's performance when subjected to high load or usage. Agreed volumes of traffic can be simulated from multiple browser interfaces and user profiles in order to identify possible points of failure and provide a course of action to mitigate these. A typical project would analyse the application to determine the maximum load and concurrent users, as well as profiling application response times and the effect on network infrastructure links. The service is flexible to project requirements.
NTA can provide consultancy to help organisations with key projects such as rationalising or consolidating networks, the implementation of new DMZs or applications, the development of security policies and procedures and the achievement of standards such as ISMS and ISO27001.
CLAS is the CESG Listed Adviser Scheme - a partnership linking the unique information assurance knowledge of CESG with the expertise and resources of the private sector. CLAS consultants are approved by CESG to provide information assurance advice to government departments and other organisations which provide vital services for the UK.
Advice can be provided in areas such as current government policy and guidance, the risks to official systems and the techniques available to counter them. In particular, guidance on GSi accreditation can be provided.