New British Cyber Advisor Scheme

Britain's National Cyber Security Centre (NCSC) is offering a new Cyber Advisor service. The initial 100 Cyber Advisor assessments will be funded by the NCSC. To begin with, the NCSC is inviting participants to take part in 100 free assessments which will be used to test and develop the scheme, due to be fully launched in the first quarter of 2023. Once live, individuals will be able to apply to become a Cyber Advisor for a fee.

The scheme is intended to extend the NCSC’s reach to offer a trusted source of cyber security advice to a wider range of organisations. 

This will include the ability to recommend independently assured organisations that can help their customers implement a baseline level of cyber security, creating a trusted ecosystem that allows consumers to know better who to engage and what to expect. 

A Cyber Advisor will be an individual assessed by the NCSC as having a good understanding of baseline security controls and the ability to provide practical help to companies who want to achieve them.

Qualified Cyber Advisors will initially focus on helping their customers meet Cyber Essentials 5 technical controls, firewalls, secure settings, access controls, malware and software updates, by identifying and helping implement improvements that are right for the size and needs of their customer. A company engaging the help of a Cyber Advisor doesn’t need to be aiming for Cyber Essentials certification; those controls are being used as a baseline as they help guard against the most common cyber attacks. 

Under the new scheme those organisations who have a qualified Cyber Advisor on their staff will be able to apply to become an NCSC Assured Service Provider. 

Only organisations who become Assured Service Providers and employ a qualified Cyber Advisor will be able to offer NCSC Cyber Advisor services to customers.

Initial Cyber Advisor Assessments

The NCSC will initially be fully funding the initial 100 Cyber Advisor assessments. Individual applicants, with differing levels of experience and skills, and from diverse backgrounds across the UK, will be selected to test. 
Those individuals who complete a free assessment will be asked for feedback and to provide data to help the NCSC develop the Cyber Advisor scheme further and ensure that Cyber Advisors can offer the required knowledge and skill set.   

Cyber Advisors will be expected to help organisations by:

  • Conducting Cyber Essentials gap analysis to assess the organisations Internet-facing IT identifying where it fails to meet the Cyber Essentials controls.
  • Developing reports on the status of the organisation’s Cyber Essentials controls for senior leadership, detailing the requirements that are met and those that are not, describing why controls are not met and the risks the organisation is exposed to, as well as the recommended actions to take.
  • Working with the business to agree remediation activities.
  • Planning remediation activities that align to the risk and business priorities.
  •  Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities.
  • Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.

Cyber security professionals who think you have the required knowledge and skill set can  apply by contacting the scheme’s delivery partner, IASME. Anyone who passes the assessment but who is not employed by an Assured Service Provider will not be eligible to offer Cyber Advisor services.

Cyber Advisor Assured Service Providers

To be eligible to offer Cyber Advisor services under the scheme organisations will need to become an Assured Service Provider registered with IASME and employ at least one formally assessed Cyber Advisor. An organisation applying to be an Assured Service Provider will be expected to meet requirements demonstrating good cyber security and a commitment to achieving an excellent and consistent customer experience through a quality management system. An annual subscription fee will be levied.

To register your interest in participating in the scheme Proof of Concept and to apply for one of the fully-funded Cyber Advisor assessment places, please complete the application form which can be found on the IASME website.

NCSC:       IASME:     CSO Online:     Cyber News Group:     Computer Weekly

You Might Also Read: 

Flunking Cyber Education:

 

« How to Prepare Your Security Team For The Future Of Vulnerability Management
Perimeter 81 / Zero Trust Network Access Guide »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

KELA

KELA

KELA's powerful cybercrime intelligence platform uncovers and neutralizes the most relevant cybersecurity threats coming from the hardest-to-reach places on the internet.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

NWN Carousel

NWN Carousel

NWN Carousel delivers AI-powered technology solutions for the modern workplace. From unified communications and intelligent infrastructure to robust cybersecurity.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

Securitybricks

Securitybricks

Securitybricks specialize in cloud security and compliance. Our mission is to automate regulatory compliance backed by human validation.

Innerworks

Innerworks

Innerworks intelligent bot detection. Innerworks is building the future of behavioural data on web3.