Due to the sensitive nature of the work we undertake, BladeSec IA cannot usually divulge much detail. In general terms, however, we have specific experience in the areas outlined on this page.
Implementation of UK, German, wider EU, Australian and US government, military or criminal justice standards:-
- Technical authority services including:-
  - Defence-in-depth analysis;
  - Network design and strategy;
  - Cloud service risk assessment;
  - Remote access and zero-trust models;
  - Logging, repudiation and audit; and
  - Secured, anonymised mobile devices.
- Threat-based, formal risk management of a system including legacy, stand-alone, complex shared infrastructure, hybrid cloud and cloud native deployments:-
  - Corporate management of risk and the evaluation of an appropriate level of risk appetite; and
  - Use of the BladeSec IA Assurance Document as a cost effective or cost limited replacement for the legacy Risk Management and Accreditation Document Set within the UK, EU-NATO and Australia.
- Development and delivery of an enterprise security strategy;
- Technical assurance:-
  - Pen-test scoping using different techniques such as sampling, intelligence led and full;
  - Interpretation of results to provide a context and defence-in-depth;
  - Cloud tooling;
  - Development systems, or systems with shared responsibilities (such as cloud) to ensure acceptable "end-to-end" testing; and
  - Technical evaluations of cloud architecture using traditional IT Health Checks and other mechanisms to ensure appropriate pre-live and in-life assurance.
- Security incident management and forensics capture;
- Bespoke training and Security Education, Awareness and Training (SEAT); and
- Shared trust model compliance.
Staff, trust, fraud and intelligence services:-
- Insider threat;
- Open-source intelligence;
- Document verification;
- Secure and trusted delivery services;
- Data brokering, escrow and other trust services;
- Staff vetting; and
- Entrapment and honeypot services.
Governance and compliance regimes including:-
- ISO 27001;
- Cyber Essentials (CE) and Cyber Essentials Plus (CE+);
- NIST Computer Security Publications;
- General Data Protection Regulations and other privacy issues;
- FIPS and Common Criteria validations;
- NSA-CSS; and
- Protected and responsible disclosures.
- Advising commercial organisations on the supply of goods and services to secure government organisations; and
- Safeguarding the Critical National Infrastructure including Sensitive Nuclear Information (SNI) for "List N" (UK / EU).
Ethical and legal statement:-
Please be aware that we do not ask staff to compromise their own personal values and every job is subject to a legal and ethical analysis that must be passed unanimously. We do not undertake any illegal activities nor will we advise others on how to circumvent statutory, regulatory, contractual or financial controls.