Our Services

Detection

Penetration Testing

Penetration Testing (prices on application)

Once authorised and with pre-agreed objectives in place, our pen test experts will simulate a targeted attack on a computer system. We will detect security weaknesses and identify whether or not the existing defences are sufficient.

Vulnerability Scanning

Vulnerability Scanning (from £650*)

Mid-level vulnerability scanning is carried out at the client's premises to detail cyber security flaws and vulnerabilities, whether internal, external or website-related. All servers and networks are reviewed, and the results are detailed in a management and technical report on completion. If faults are found, details of full corrective solutions are issued, which the client can address internally or, where required, have corrected by a trusted fixer. Vulnerability scanning offers five alternative verifications similar to Penetration Testing, although it is non-intrusive compared to Penetration Testing.

  • Internal
    Internal vulnerabilities consist of in-depth in-house scans of the infrastructure that relate to your company and advise on any threats that need addressing in a Low, Medium and Critical threat status.
  • External
    External vulnerabilities consist of in-depth scans of web facing devices that relate to your company and advise on any threats that need addressing in a Low, Medium and Critical threat status.
  • Web Applications
    External vulnerabilities consist of in-depth scans of websites that relate to your company and advise on any threats that need addressing in a Low, Medium and Critical threat status.
  • PCI DSS
    To comply with requirement 11.2 of the PCI DSS, merchants and service providers must conduct and pass a quarterly vulnerability test (meaning one scan every 90 days, or 4 scans per year). This service provides the PCI scan certification necessary to demonstrate quarterly compliance.
  • Personal Identifiable Information
    PII vulnerability scanning consists of an in-depth in-house scan of the infrastructure, searching for any customer Personal Identifiable Information that needs to be anonymized and/or have controls put in place relating to unauthorised access. This is a requirement established by GDPR law as of May 2018.

DPO & Consultancy

Data Protection Officer (DPO)

DPO as a Service – ‘DPOaaS’ (packages from £1000*)

A cost-effective solution for organisations that do not have the data protection expertise and knowledge to fulfil their DPO (data protection officer) obligations under the GDPR (General Data Protection Regulation).

Our certified and internationally approved DPOs can assist you with all data protection requirements, whether GDPR 2018, DPA 2018, CCPA 2019, APP 2019 or PECR 2003.

By outsourcing DPO tasks and duties to our industry experts, you get access to expert advice and guidance that helps you address the compliance demands of data protection, while staying focused on your core business activities.

Technical Review Service

Technical Review Service (review from £900*)

The unstoppable growth of cyber-crime means that businesses of all sizes should seriously rethink their approach to the security of their websites and data.

You may think that you are ‘too big’ to be targeted by a computer hacker yet recent history has taught us that this is simply not true. When you then consider that 60% of small businesses never recover after a serious cyber-attack, it becomes clear that we all need to take this very seriously and we here at CRIBB are here to help.

Our Cyber Security Review service allows us to verify the level of your existing security and then advise you on the missing requirements you need to put in place. Our professional and highly qualified consultants can play both the attacker and the defender in computer systems, networks, and software programs.

Our aim is to instil the best practices in Cyber Security deep within your business so that you are fully prepared.

Information Governance Assistance

Information Governance Assistance (from £900*)

Unsure about the correct application of information governance within your organisation? Need help completing those data management forms, registers or policies?

Then we are the right people to speak to. Our Information Governance Assistants (IGAs) are available to assist you in all matters regarding the management of information within your organization.

Backed up by industry recognised auditors and data protection specialists, our IGAs remove the perils connected with correct information governance, ensuring that you remain legally compliant and governed correctly.

Get Certified

Cyber Essentials

Cyber Essentials (from £300*)

Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks. Cyber Essentials-only certification is an online self-completion questionnaire, which is certified by a GCHQ Assessor on behalf of the IASME Consortium.

 

Cyber Essentials Plus

Cyber Essentials Plus (from £1250*)

An on-site Technical Assessment is required by all companies looking to achieve this level of certification once they have gained ‘Cyber Essentials’. Within the assessment, the previous standard is verified and confirmed to be adhered to. Technical examinations cover workstations, servers, IoT and BYOD devices, which are fully checked and assessed for any vulnerabilities. On successful completion, the client is awarded the certification badge. The client is given 21 days to correct any failures.

GDPR Compliance

GDPR Compliance (review from £900*)

The qualified and approved consultants at CRIBB are on hand to help organisations understand what they need to do to comply with the GDPR and all other Data Protection regulations.

Are you worried about GDPR and how it will affect your company?

The General Data Protection Regulation (GDPR) is the biggest and most significant change regarding data privacy in the last 20 years. It involves the protection of personal data that companies retain which can be used to identify an individual, such as name, address, mobile number, IP address and also sensitive data such as gender and sexual preference.

Our expert consultants can help you achieve compliance with the GDPR and other Data Protection regulations. Our GDPR Review service allows us to verify the level of your current compliance and advise on which requirements are missing, so that you can combine this with the work you have already done or are carrying out yourselves. This is with the security of having fully trained and experienced people to back you up as needed.

IASME Governance

IASME Governance Certification (from £1750*)

The IASME Governance Standard is risk-based and includes aspects such as physical security, staff awareness and data backup. The UK Government recently recognized it as the best cyber security standard for companies. The IASME Governance Standard includes both Cyber Essentials Standard and an assessment of the forthcoming General Data Protection Regulation (GDPR), intended to strengthen and unify data protection for all individuals within the European Union.

The IASME Governance Standard, Cyber Essentials and GDPR Readiness is an online self-completion questionnaire, which is certified by a GCHQ Assessor. A CRIBB Assessor will arrange to visit you on two separate days to assist with the understanding, policy fulfillment (all required policies are provided as part of the service) and assessment completion. On successful completion of the IASME Governance (with Cyber Essentials and GDPR Readiness), your certification certificates and logos will be issued.

As an additional bonus, certification will entitle you to free Cyber Liability Insurance with a £25,000 indemnity limit (terms apply) through IASME.

PCI DSS Compliance

PCI DSS Compliance (review from £900*)

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment, and store, process or transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider or system.

CRIBB will run an Official PCI DSS vulnerability scan remotely on firewalls, payment gateways and relevant systems. A PCI/DSS approved report will be generated for your bank or merchant provider. CRIBB will carry out a PCI review to establish if self-assessment is sufficient along with help, guidance and assistance for you to complete the SAQ self-assessment questionnaire, and ultimately obtain your PCI DSS certificate.

Who is it for?
Any organisation that takes credit card payments in any form (internet, phone, terminal, website) or that stores credit card data.

Highlights

  • Expert on-site PCI Review – initial service to establish what you really need
  • Official PCI DSS scan of primary payment gateway with full report highlighting any weaknesses. This is a significant element of your GDPR compliance and Information Governance initiatives
  • Full Technical IT, policies and procedures review with report as required by the PCI Security Council
  • Guidance and assistance for you to complete the SAQ self-assessment questionnaire


What do you get?

  • You will be PCI DSS compliant for your acquiring bank(s)
  • Experienced and knowledgeable consultant to eliminate risks and errors
  • Annual contract for all scans and services at reduced cost
  • You can have an annual agreement for Official PCI scans and reports to reduce cost
  • Expert and fully Government approved assessor who will be your senior consultant
  • You will get experience, gain knowledge and receive education to protect your business, customers and staff

ISO / IEC 27001 Lead Implementer

PECB ISO / IEC 27001 Lead Implementer (prices on application)

Also known simply as ISO 27001, ISO/IEC 27001 is the international information security standard. It sets out the spec for an Information Security Management System, or ISMS.

ISO 27001 certification is recognised around the world. It offers clear proof that your ISMS operates to security best practices.

Support

Maintenance & Support Services

Maintenance Support Services (prices on application)

We are able to provide a bespoke maintenance and support agreement for cyber security, data protection and re-certification services. This reduces the costs of your cyber security budget whilst ensuring your cyber security and data protection compliance remains a primary goal.

Incident Management Assistance

Incident Management Assistance (prices on application)

Your business is your top priority. At best, attacks are a distraction. At their worst, they can cripple your operations.

When dealing with a cyber incident, quick and effective action is vital. The CRIBB Cyber Security incident response team is able to assist in the management, analysis and rectification of your incidents in a professional and timely manner.

Our consultants draw upon a wealth of experience and a wide range of skills in leading threat intelligence and network and endpoint technology to support you in threat containment and the recovery of your business processes.

Whether you have 1 or 100,000 endpoints, our consultants can be up and running in a matter of hours, analysing your networks for malicious activity.

Cyber Security Frameworks

CRIBB Maritime Cyber Assurance

CRIBB Cyber Security has launched ‘CRIBB Maritime Cyber Assurance’ this year specifically for the Cruise industry. In times gone by, cyber-attacks have been largely ignored by the maritime industry and now that ships are their own ‘digital worlds’, this attitude has had to change.

*ALL recommended prices shown are provided as a guide and are subject to change or confirmation upon completion of initial work scoping and quotation.
