Cyber and security

We provide independent, tailored advice to help you reduce the risk of cyber-attacks.


Key contact

Rick Cox

Regional Vice President Business Development

Alexandria, United States

+1 703 920 7070 defence-security@bmtglobal.com

Modern cyber security is complex and dynamic and affects nearly everything, but understanding what is relevant to you can be a real challenge. 

Our advice is consistently based on industry best practices, aligned to the level of risk your organization is prepared to accept and delivered by experienced, certified cyber security experts.

 

We are dedicated to providing you with independent and trusted advice to help you identify, understand, and mitigate the risks and help you transform your security position into one that is risk-informed and driven by your business model.

Our approach

Security Strategy, Policy, Process and Standards

Our experts can help you develop or review your overall security approach and align it to the best practices and standards most relevant to your domain.

Security assurance (SAC) support

We can provide experienced Security Assurance coordinators or support for your assurance and certification, inputs to options analysis, business cases and approvals.

Cyber vulnerability investigations

Our experienced teams combine cyber, human factors and domain knowledge to assess and understand the vulnerabilities of complex systems.

Cyber threat intelligence

We can help you use, implement, and exploit Cyber Threat Intelligence, allowing you to develop from a reactive posture to a proactive one.

Security and cloud security advice

We help to identify your security boundaries and assure that the security considerations within your systems are adequate and appropriate. We also offer a wealth of expertise in Operational Technology (OT), Internet of Things (IoT) and Information Technology (IT) to help mitigate the complexity of modern solutions.

Preparation of formal security documentation

From RMADS to DART entries, our teams can ensure you comply with the latest Security and Information Risk practices.

Security Risk Reviews and Assessment

We are experts in reviewing security risk, assessing the impact on business and operational risk, and running project Security Health Checks to identify areas for improvement.

Security Architecture Design, Review and Assurance

We work with your development teams to ensure that your on-premises or cloud-based applications and architecture are compliant with appropriate standards.

Security Governance

We work with you to ensure the proper governance is in place for your project or organisation to manage risk, manage your assurance activities and implement and develop compliance.

Data Protection Security Development and Implementation

Maintaining Data Protection compliance is essential to every organisation, so we help you ensure the proper governance and processes are in place.

Summary of capabilities

We provide advice on protective controls, threat detection and security scanning. We also undertake requirements gathering and help assess and evaluate the technology within proposed vendor products.

Our independent experts understand the domains we work in to provide security advice and risk services. We can provide clear security advice for both simple and complex systems, and we help give you the knowledge and support you need to become self-sufficient.

Organisations are becoming increasingly aware of the importance of security, but good security advice What’s more, changing standards and confusing language often complicate matters, but they can be simplified.

Whether your acquisition project involves apples or aircraft carriers, security must be considered from the outset. We support everything from setting the right strategy and establishing appropriate governance to managing risk and creating the right assurance processes.

Key benefits

  • Ensure the availability and integrity of your systems and mitigate security risks
  • Keep critical systems operational
  • Avoid costly redesigns by integrating security considerations from the start
  • Keep your commercially sensitive, personal, or other sensitive information secure
  • Ensure you’re fully compliant with relevant legislation

Standards and methodologies we follow and apply for assurance support:

  • ISO/IEC 27000 series, ISO 28000, BS ISO 31000, ISO 22301
  • Risk assessment standards, including ISO 27005, OCTAVE and IRAM
  • NIST, OWASP, and ISF Standards
  • Government Security Classification Scheme
  • Cyber Essentials
  • Security Policy Framework
  • Current NCSC Guidance
  • CVI Methodology
  • HMG Infosec Standards, Memoranda and Manuals
  • Secure architectures and infrastructures, including the Public Services Network (PSN), Restricted LAN Interconnect (RLI), Criminal Justice Extranet (CJX) and more sensitive capabilities