Empowering Communities security architecture and assurance

Security Architecture and CESG Certified Professional assessed activities. 

https://empowering-communities.org/ https://ecins.org/login

Security Architecture :-

20th March 2015: I had designed a new infrastructure for this social enterprise to allow their application to run in an infrastructure equivalent to the Gcloud infrastructure with IL0-2 to IL3 application bridge infrastructure. This was assessed for acceptance by the Police accreditor as 'fit for purpose' to share certain police information and to connect to the PSN.

This included a GPG13-compliant cyber monitoring design and a zoned architecture design incorporating an IL2 to IL3 CESG design for the IAP-compliant citizen access gateway and an IL3 backend enclave for PSN connection to central government partners.

I also prepared a full policy set, including security policies, Accreditation Maintenance Plan (AMP), and Risk Management Document Set including Risk Assessment, CHECK testing scope and Remediation Plan.

H1 - Business Continuity Planning CCP Certified Skill :-

Delivery of Business Continuity Planning for ECINS

Embedding BCM in the organization's culture: In the accreditation document it was agreed that this would be kept under review so that the BCP plan was kept within the tolerance of the customers as the business expanded. This delivered compliance with ISO 22301, namely:

1) Securing management support;

2) Risk assessment;

3) Business impact analysis (BIA); and

4) Delivered the business continuity plan.

As a CLAS consultant I have produced a detailed RMADS under GPG47 for shared services.

I have acted as a conduit between Empowering Communities, the parent organisation, and the Pan Government Accreditor to establish the accreditation governance for them as a private sector organisation.

ECINS, March 2012 to April 2012, Not-for-Profit Social Enterprise, CLAS Consultancy

A2 - Policy & Standards ECINS CCP Certified Skill :-

Situation and Task : I was the CLAS consultant assisting https://empowering-communities.org/ to get impact level 3 accreditation for the https://www.e-cins.co.uk/ system in the period 2013 to 2016.
While they were doing a great deal for themselves as they went through an ISO27001 certification process, I offered to produce a SyOPS for them to cover all of the standard requirements of such a document for their BIL3 accreditation project.
Result : This document was delivered to the Empowering Communities business for their review. The document was adjusted to suit the requirements of the business and accepted into their documentation portfolio under their ISO27001 certification project.

One of the activities was to produce a draft SyOPS for the secure operation of their systems.
Result : The document was drafted, reviewed by the client and accepted into the client’s ISO27001 document set. CCP Certification details of task are here

E2 - Secure Operations & Service Delivery CCP Certified Skill:-

To assist Empowering Communities to operate ECINS at Impact Level 3
Result : These controls were implemented through a set of procedures which are summarised in the ECINS SyOPS, which defined the procedures to be followed for the business to operate an Information Security Management System (ISMS) in accordance with ISO 27001 and the associated policies and controls. CCP Certification details of task are here

E3 - Vulnerability Assessment CCP Certified Skill:-

Advice given to Empowering Communities regarding the need for vulnerability testing
Result : The testing results were prioritised in accordance with https://cve.mitre.org/ identified vulnerabilities as well as other vulnerabilities which the business were made aware of by the CHECK team. Retesting took place until all risks were mitigated to a level of Low, which was identified as the appropriate risk tolerance. This is in accordance with Art. 25 GDPR “Data protection by design and by default” (Recital 78 “Appropriate Technical and Organisational Measures”). CCP Certification details of task are here

F3 – Forensics CCP Certified Skill :-

ECINS was to have a forensics readiness capability alongside their GPG13 compliance
Result : A paper was submitted and this was accepted by the board. CCP Certification details of task are here