UK Cyber Security Assessment Framework for Local Government
Supported By Microsoft and Quorum Cyber
A key element of the UK Government’s Cyber Security Strategy is addressing the substantial gap in the UK’s cyber resilience. A critical part of bridging this gap is assessing your organisation’s resilience against the Cyber Assessment Framework (CAF), which is a framework developed by the UK’s National Cyber Security Centre. It has been adapted for local government by the Ministry of Housing, Communities and Local Government to improve cyber resilience across the sector.
Cyber Security Assessment Framework (CAF) objectives mapped to Microsoft and Quorum Cyber solutions to help overcome your challenges
Quorum Cyber has been working with a range of public sector authorities across the UK to provide cyber security services since we opened our first SOC in Edinburgh in 2016. We understand the challenges you face, and the pressure to deliver more with less. That’s why we’ve prepared this information: to help you identify the Microsoft products already in your security stack that can bridge gaps, and to introduce Quorum Cyber’s professional and managed services for expert implementation.
CAF Objectives
Microsoft Technology
Quorum Cyber Service
Aligning with CAF Outcomes
Managing Security Risk
Governance
- Conduct a gap analysis on your current security state
- Develop a roadmap to achieve your desired security state
Risk management
- Test your security controls
- Identify risks that can be promptly fixed Help you monitor insider risk
Asset management
Intune, Configuration Manager, Defender for Endpoint, Sentinel, Defender XDR, Defender Vulnerability Management
- Automated asset awareness and vulnerability managementAutomated asset awareness and vulnerability management
Supply chain
Microsoft Defender XDR, Entra, Microsoft DevOps
Security Maturity Assessment, Cyber Resilience Assessment; Third Party Risk Assessments
- Verify the risk present in your supply chain
Protecting against Cyber Attack
Service protection policies, processes and procedures
- Provide an experienced Virtual CISO
- Establish and review your security policies
Identity and access control
Microsoft Entra
Advisory Services, Professional Services
- Define your identity architecture
- Implement modern identity controls
Data security
Microsoft Purview; Microsoft Priva
- Establish data governance policies
- Enable data loss prevention
- Monitor your environment for data risks
System security
Azure Update; Microsoft Well architecture framework; Microsoft Sentinel; Microsoft Defender XDR
CTEM; Architecture design and review Clarity Defend, Clarity Extend, Clarity Protect, Clarity Data
Penetration testing
Data Security services; phishing protection services
- Ensure you are getting the most out of your security tools
- Manage and monitor your environment
Resilient networks and systems
Microsoft Well architectured framework, Azure Network Security
- Ensure you are getting the most out of your security tools
- Manage and monitor your environment
Staff awareness and training
Office 365 Phishing Simulation and Learning Paths, Microsoft Purview in-app notification & policies
- Test your phishing awareness
Detecting cyber security events
Security monitoring
Microsoft Defender Suite; Microsoft Sentinel
- Monitor your cyber environment for threats 24/7
- Provide expert response actions
Proactive security event discovery
- Deliver threat intelligence-led analytics and hunting tailored to UK public sector requirements
Minimising the impact of cyber security incidents
Response and recovery planning
Microsoft Defender XDR, Azure Backup and Recovery, Microsoft Purview Insider Risk Management (Adaptive Scopes)
- Build up your incident response capabilities
- Conduct table-top exercises to test your response readiness
Lessons learned
- Perform forensic analysis of attacks
- Identify gaps in your protection
Why choose Quorum Cyber?
Partnership Approach
We work with our customers to ensure they understand how we’re protecting their environments and advise on how to continuously strengthen their cyber security posture over time.
World-class Microsoft Expertise
As a Microsoft Solutions Partner for Security and member of the Microsoft Intelligent Security Association (MISA), we help companies maximise their investment in Microsoft Security technologies.
Unrivalled Cyber Security Team
We have hundreds of certified cyber security professionals protecting customers across North America, Europe, and the Middle East.
Proactive Defence
We leverage threat hunting and threat intelligence expertise to proactively identify potential threats and prevent them from causing damage before it’s too late.
Comprehensive Services
Every company has a unique IT environment, so we adapt our full range of security services to tackle your cyber security challenges head on.
