Typical Work

Due to the sensitive nature of the work undertaken, BladeSec IA Services Ltd. cannot usually disclose any details; however, we have specific experience in the following areas:-
  • Implementing the standard government approach to information assurance by applying the Cabinet Office's Security Policy Framework (and historically, the Manual of Protective Security);
  • The accreditation of information systems. This has included legacy, standalone, complex and widely networked systems in criminal justice, devolved government and agencies. Recent experience has seen us utilise G-Cloud and public cloud to deliver government and criminal justice services;
  • Performing risk assessments using HMG IS 1 version 2, HMG IA Standard 1 version 3 and HMG IA Standard 1/2 version 4. Performing upgrades between the various versions. Translating risk assessments into English for presentation to C-level executives;
  • The development of risk balanced cases and security cases in accordance with HMG IS1 Part 2 or HMG IS1/2. Defining and implementing suitable countermeasures to mitigate risk to an appropriate level;
  • Development of cost effective or cost limited Risk Management and Accreditation Documentation Sets (RMADS) in accordance with HMG IA Standard 2 version 3 or HMG IA Standard 1/2 version 4;
  • Development of Security Operating Procedures (SyOPs). Over the years, some of the more interesting ones have included:-
    • Security Incident Management;
    • Background and Identity Checks;
    • Mobile and Home Working;
    • Line Managers' Responsibilities;
    • Forensics Readiness; &
    • Asset Classification and Handling.
  • Technical Design Authority including network design using assured barriers. This has included:-
    • Remote access solutions in compliance with GPG10 (including the use of bootable media);
    • Protecting government networks from the Internet in accordance with GPG8;
    • Authentication in accordance with HMG IS7;
    • Mobile e-mail solutions (historically, just BlackBerry devices, but more recently the End User Device Strategy); &
    • Protective monitoring policies aligned to GPG13.
  • Interpretation of Codes of Connection for organisations linking to a trusted community:-
    • The Public Services Network (PSN);
    • Criminal Justice networks such as the CJX and the PSN for Policing at all levels; &
    • Legacy GSi connections including xGSI, GSX and GCSX as well as the migration to GCF.
  • Technical assurance requirements such as IT Health Checks that cover:-
    • Scoping using different techniques such as sampling, intelligence led and full;
    • Interpretation of results to provide a context and defence-in-depth;
    • Systems under development to ensure acceptable “end-to-end” testing; &
    • Technical evaluations of cloud architectures using traditional IT Health Checks and other mechanisms to ensure appropriate pre-live and in-life assurance.
  • Advising commercial organisations on the supply of goods and services to HMG.
  • Contractual negotiations between HMG and the commercial organisations.
  • Corporate management of risk and the evaluation of an appropriate level of risk appetite.
  • Safeguarding the Critical National Infrastructure of the UK including Sensitive Nuclear Information (SNI) for "List N".
  • Complying and certifying with ISO/IEC 27001. This includes the application of the Baseline Control Set (as defined in HMG IS1/2) at various levels.
  • Handling of legacy Government Protective Marking Scheme (GPMS) information and developing proportionate handling instructions.
  • Assisting in the transition and migration to the new Government Security Classification Policy including specific handling instructions for staff to prevent the unauthorised disclosure of information;
  • Background and identity checks of staff as well as the detection of fraudulent documentation.
  • The development and generation of security, education, awareness and training (SEAT):-
    • HMG IS1, RMADS and Accreditation (Owen was the original author of the widely acclaimed Sapphire course.);
    • Computer forensics; &
    • General information assurance awareness education including induction, SyOP and refresher training.