Cyber Security Review

A cyber security review provides an independent and in-depth assessment of the ability of an organisation to protect its information assets from the impact of cyber threats. The cyber security review aims to establish and validate the effectiveness of cyber security measures. It also identifies vulnerabilities in an IT system and matches them to potential internal and external cyber threats.

How secure is your organisation?

An initial cyber security review identifies the current cyber security risk ‘posture’ and defines the baseline for future improvement. Cyber risks are identified, and security measures (controls) are applied to mitigate the risks consistent with the objectives of the organisation. Subsequent reviews are performed at intervals to ensure that all of the security measures are performing as required. Cyber security reviews are essential to the effective management of cyber security and underpin compliance with the ISO 27001, PCI DSS and Cyber Essentials Plus standards.


The audit

An experienced cyber security consultant will perform a comprehensive audit of the cyber security measures implemented in the organisation. This audit will involve on-site visits and remote access where required. Interviews with senior managers may be conducted to adequately identify and validate the relationship between the people, process and technology controls being used. A comprehensive written audit report will be delivered which documents the status of each security measure and indicates the level of cyber risk in the context of the vulnerability, threat and potential impact. The report will identify actions and recommendations that can be taken to minimise cyber risks.


The benefits of a cyber security review

  • Independent and expert view of the effectiveness of your current cyber security
  • Develop an understanding of the dynamic nature of cyber security threats
  • Ensure compliance with standards such as ISO 27001, Cyber Essentials and GDPR
  • Identify and prioritise the future improvement of your cyber security measures
  • Support cyber security management with a ‘before, during and after’ approach
  • Demonstrate your cyber security posture to win new business

Our methodology

The Cyber Security Review consists of a comprehensive audit of the existing security controls implemented in an organisation. It is performed by an experienced cyber security consultant who will identify each security control and compare it to the requirements specified in the CIS Controls V7. Each Control Domain and Sub Control is given a maturity rating between 1 and 5. This is based on a Cyber Security Maturity Model in which Level 1 is Initial (Lack of control in place) and Level 5 is Optimised (Advanced defensive capability). At all stages, the review endeavours to assess the effectiveness of each control and identify any potential deficiency with respect to its related technology, people, policies and processes. We will then prepare a comprehensive report that includes an Executive Summary of the key findings, the complete audit results and our recommendations for improving cyber security in the future.


CIS Controls V7 benchmarking

Wizard Cyber uses the Center for Internet Security (CIS) Controls to provide a benchmark for a quantitative and comparable measure of cyber security risk. The twenty CIS Controls V7 are compiled from the contributions of over 300 global cyber security professionals in academia, industry and government organisations. They are also internationally recognised by the UK National Cyber Security Centre. We will also perform an external and internal vulnerability scan, which is designed to identify and classify technical weaknesses in an IT system.

Center for Internet Security (CIS) V7 Control Domains

  • Inventory and Control of Hardware Assets
  • Inventory and Control of Software Assets
  • Continuous Vulnerability Management
  • Controlled Use of Administrative Privileges
  • Secure Configuration for Hardware/Software
  • Maintenance, Monitoring, Analysis of Logs
  • Email and Web Browser Protections
  • Malware Defenses
  • Limitation & Control Network Ports, Protocols
  • Data Recovery Capabilities
  • Secure Configuration for Network Devices
  • Boundary Defense
  • Data Protection
  • Controlled Access Based on the Need to Know
  • Wireless Access Control
  • Account Monitoring and Control
  • Implement Security Awareness and Training
  • Application Software Security
  • Incident Response and Management
  • Penetration Tests and Red Team Exercises

Wizard Cyber Penetration Testing Services

Network Penetration Testing

A network penetration test is designed to assess an IT network for vulnerabilities and security issues in its servers, hosts, devices and network services. It particularly focuses on the ‘external view’ as seen by a hacker with respect to Internet-facing assets such as firewalls, intrusion prevention systems, web sites and unauthorised access.

Web Application Penetration Testing

At the heart of modern banking, e-commerce and cloud-based IT provision, web applications are an attractive and easy target for cyber criminals. In common with all software, they contain vulnerabilities which can be exploited by a hacker to steal confidential information directly or to create a transmission platform to infect another computer with malware.

Wireless Penetration Testing

Wireless technologies provide seamless access to IT resources from desktop and mobile devices. They also provide cyber criminals with the opportunity to exploit wireless vulnerabilities associated with logins, passwords, rogue access points, fingerprinting and information leakage.
