Stratia Consulting specialise in Information Assurance and Risk Management.

We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.

Cookie Policy

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Risk Assessment

Our approach to risk assessment is based around our bespoke and tailored “CARE” method, consisting of four steps: Collaborate, Assess, Report and Evolve.

  • Collaborate - We will work with you to understand your business, context and regulatory environment, culture and ways of working.
  • Assess - We will identify and assess your information risks, informed by on-site visits to collect and inspect evidence.
  • Report - We will report our findings, conclusions and recommendations to you, usually in a staged approach to ensure the findings are understood and their importance is agreed.
  • Evolve - A risk assessment should not be a one-off activity. We will work with you to ensure that recommendations can be implemented in an appropriate and cost-effective manner, to improve your cyber security profile over time.

We have experience in using a wide range of different risk assessment methods, both qualitative and quantitative, and will tailor our approach based on what works for your organisation. Our approaches include:

  • The Cyber Vulnerability Investigation (CVI) method developed for the UK Ministry of Defence.
  • The HMG Information Assurance Standard No. 1 technical risk assessment method (no longer officially supported, but still widely used).
  • Tailored risk assessments focussing on specific categories of risk, e.g. privacy risk assessments undertaken as part of a General Data Protection Regulation (GDPR) readiness assessment.
  • Specific client-requested methods including OCTAVE Allegro and Attack Trees.

Regardless of the specific approach, at heart all risk assessments will consider threats, vulnerabilities and impacts (as per the definitions and approach set out in ISO 27005). These will be contextualised to the business, and the final risk assessment will always be written in plain English, not cyber jargon.

Stratia Consulting’s risk assessment services have been certified by the National Cyber Security Centre (NCSC) as meeting their exacting standards.

Risk Assessments Informed by Threat Awareness

Up-to-date knowledge and situational awareness of cyber-related threats and associated techniques is an essential input into any risk assessment. Stratia has established information feeds from a range of sources to ensure our consultants have this cutting-edge threat awareness, including:

  • Our membership of the UK Cyber Security Information Sharing Partnership (CiSP).
  • Alerts and advisory notices from NCSC, US-CERT and a range of other sources.
  • Technical expert resources such as AlienVault OTX, PhishTank and ThreatCrowd.
  • Specialist news sites and information feeds.