Cyber Essentials and Essentials Plus

CDCAT is a comprehensive way for organisations to assess their existing cyber defences, against a unique set of government and commercial best practice control sets, to identify any vulnerabilities and see what improvements can be made.

An effective security program must start by assessing the risk. giving you greater visibility into your current OT environment and see the vulnerable assets.

In the industrial cyber-security space, the risks are changing all the time, as companies extend, adapt, and improve their systems, as new vulnerabilities are identified and as threat strategies evolve.

Using the CDCAT assessment tools, our audit identifies the maturity level of individual or combined elements we qualify as ‘defensible units’ within your business, based on pre-defined controls using a wide range of security standards including ISO 27001, IEC 62443, NIST SP800-53 – Security Controls and many others.

CDCAT was developed for the UK Ministry of Defence, by the Defence Science and Technology Laboratory with two main requirements:

• Flexibility to assess a variety of systems
• A quick and repeatable process

Gauge the security awareness proficiency of your employees and measure your organisation’s overall security culture posture using our KnowBe4 Assessments. These two science-based assessments help you tailor training to address proficiency gaps and weaknesses, as well as monitor the impact your security awareness training program has on improving your users’ knowledge and sentiment to security awareness over time.

Our offline patch management service is tailored according to your unique requirements. It may include a full system analysis to confirm all systems are operational, functional and fully patched. Full operating system patching and reporting may be included, whether required for a fully connected, partially connected or an isolated system. Anti-malware signature updates for a chosen vendor can also be implemented, as well as USB port control and ‘sheep dip’ validations that check content ensuring only trusted data is imported into a secure engineering environment.

Every organisation is at a different stage in their IoT & ICS cyber security maturity. Just as adversaries are becoming increasingly sophisticated, organizations are also continually challenged to up their game. Capula partners with world leading technology vendors that enable you to easily adopt new capabilities to match your organisational readiness. Their technology combined with our vast experience put’s Capula as the partner of choice for most of the UK’s critical infrastructure.

We can undertake a full penetration test on all your systems, networks, websites or web applications. Using trained and certified ethical hackers or ‘Tiger’ team members, you can be assured that the items in scope will be rigorously tested for vulnerabilities. This assessment can be operated as a ‘red team’ test where nothing is provided, and we will detail what we can find as an outsider.

We can further undertake a full review of your perimeter defenses, try to gain access to your site as an adversary and use detailed social engineering skills to obtain access to restricted areas. If required, our teams can pose as trusted insiders, contacting staff for information or professing to be support agents to gain access to hardware as part of an ongoing maintenance agreement. Perhaps you are interested to know what happens to USB devices that are found on your premises and who may be curious enough to plug them in?