What was the challenge?
To identify system and organisational vulnerabilities arising from the cyber environment and present them to the customer as risks that could then be managed.
What was the solution?
Using the UK MODs Socio-technical Cyber Vulnerability Investigation approach the significant organisational and system requirements, people, assets, procedures, and tactics were identified and prioritised by Atheniem team members. This investigation was achieved by interviews, physical inspections and the review of classified and open source documents and information (e.g. past maturity, vulnerability and health check reports, OSINT and industry threat trends). Then the vulnerabilities, resilience and associated attack paths were derived. These were used to generate and quantify customer risks against the JSP892 format. Mitigations were developed and some required health checks, DART/RMADS submissions and security case creations.
What was the outcome?
The customer and risk owners were able to sustain their capabilities and systems in a compliant, resilient and risk aware way. They were able to effectively manage their risks and we were able to assist with their mitigations by providing recommended courses of action and by completing actions as subsequent tasks from the customer.