Compliance Checking

An ITHC should be performed every 12 months on the internal Local Authority network. Gateway penetration testing procedures should still be conducted.

The scope of a typical ITHC includes:

  • Network summary that will identify all IP addressable devices
  • External gateway penetration testing
  • Network Analysis, exploitable switches, gateways
  • Vulnerability analysis, patch levels, poor passwords, services used
  • Exploitation (optional): the next step after a, b & c, but the LA should be aware of the danger of potentially crashing the system or making it unstable
  • Summary report with recommendations and an annex of more comprehensive detail.

    Using a 3rd party CHECK team is recommended but not mandatory.

Suggested Solutions

Encription

Encription can perform an IT Health Check every 12 months with a snapshot at 6 months (quarterly scans can be carried out if required). Other testing is chosen by the organisation from an agreed list.
We can provide you with a CoCo Scope of work schedule.
To see what Tiger Certified Encription Limited can do on compliance checking, give us a call on 01905 754440 or go to http://encription.co.uk/public-sector.php

IBM

Assess your organizational structures, operational procedures and tools to ensure ongoing compliance.
More information can be found here

Lancope

StealthWatch generates a wide range of reports for management and day-to-day requirements, and provides supporting information for audit and compliance teams validating that the Authority infrastructure is secure and functioning within defined parameters and policies. For more information, contact us at international@lancope.com or visit http://www.lancope.com/solutions/compliance/

LogRhythm

LogRhythm provides a suite of reporting templates to assist in performing an ITHC, including a GCSx report package that maps directly to the GCSx / CoCo requirements. Combined with investigations and trending analysis, this makes the task of an ITHC easy.

RSA

Growing legislative and regulatory mandates require organisations to prove that electronic information exchange is protected, and to retain comprehensive access and event information as well as transactional data.
Companies must have the systems in place to capture, collect and protect all data needed to fulfill the growing number of compliance reports required by governmental and industry regulatory organisations.
Organisations around the world look to the RSA enVision™ platform as the most effective and efficient way to deal with regulatory management and response. Only the RSA enVision platform assures optimal compliance through collection of All the Data™ from your entire enterprise.

Sapphire

Sapphire designs a range of compliance / auditing programmes and schedules which are in line with the auditing standard, ISO19011. In many cases Sapphire is approached to compile and run these schedules on its clients' behalf. This is in effect a knowledge transfer, as Sapphire employs experienced, IRCA qualified staff. In addition to this, Sapphire is CESG CHECK certified to provide CHECK penetration tests, or IT Health Checks, to local authorities. For further information please email Coco Information or call 01642 702100.