New risk assessment tool launched to elevate cyber-security to the Board

  • Security, Risk Management
  • 14.07.2015 01:00 am

A new way for businesses to assess their own cyber defence preparedness, understand where any gaps in defence capability may exist and what mitigations can be applied has been launched in the UK. APMG-International, an independent Certification Body, is working with the Defence Science and Technology Laboratory (Dstl) and its commercialisation company Ploughshare Innovations Ltd, to deliver the new Cyber Defence Capability Assessment Tool (CDCAT) and to build awareness of the importance of cyber security assessment at an organisational level.

For organisations of all sizes, CDCAT makes the complex world of cyber security more accessible and easier to understand, shifting the discussion away from technology towards management and business practices. Drawing on military, government and industry controls and standards to consolidate the most effective practices, CDCAT provides a methodology and scoring system for cyber defence preparedness.

Richard Pharro, CEO of APMG, said: “There is a growing recognition that technical solutions can only go so far in helping businesses to protect their data, without the appropriate culture and management framework in place to support them. Ultimate responsibility for cyber security rests at Board level, and it is critical that businesses get a clear, objective picture of their potential vulnerabilities so that they can reinforce their weak spots – which is what CDCAT provides. Armed with this knowledge it’s possible to implement an evidence-based strategy to mitigate risks to critical information assets and reduce the impact of problems as they arise.

“In CDCAT, organisations have at their disposal dynamic tools built on cutting-edge cyber-security frameworks, which can empower companies with tailored, real-time assessments of their current cyber-security risks, and detailed roadmaps on how best to mitigate these factors. CDCAT provides a great fit with our belief that cyber security is an essential part of our world and requires greater investment at all levels to ensure our nation’s on-going security,” he continued.

The tool incorporates a comprehensive set of best-practice standards, including ISO/IEC 27001:2013, the US’s NIST Cyber Security Framework, and the UK’s 10 Steps to Cyber Security and Cyber Essentials. As a result, CDCAT is able to provide a thorough cyber-security assessment. It is delivered as a .NET application, having been re-engineered from its initial MooD platform.

Martin Huddleston, Principal Cyber Solutions Architect at Dstl, added: “With CDCAT® we have a dynamic suite which comprises one of the most comprehensive collections of cyber security controls available today, utilising rules and inputs from government, military and commercial organisations across the world in its unique assessments.

“Constructing a list of key criteria, CDCAT® then assesses an organisation’s current defensive posture vis-a-vis protection strategies already in place. By factoring current operational risk measurements into its scoring system, CDCAT® both contextualises present risk scenarios and provides output which suggests possible actions to fix issues found. With this output, managers can engage in real-time and repeatable operational risk management assessments, with which to counter changing threats and vulnerabilities,” he continued.

Jim Ashe, VP Commercial at Ploughshare Innovations Ltd, said: “CDCAT offers organisations from every sector the opportunity to make unbiased assessments of their cyber defence capabilities in ways not previously possible. Along with Dstl and APMG, we have invested a significant amount of time and effort into creating this world-class tool, which will ultimately raise cyber security consciousness among enterprises. We are therefore very pleased to see it come to market.”

CDCAT is being piloted by a number of high-profile organisations and is now available under general licence. For more information about CDCAT, visit:
