The Challenge

The threat of cyber crime is rising fast for business and even faster for government bodies, most well-known is the recent “ransomware” called WannaCry which successfully shut down the NHS in 2017. It is now more important than ever for government bodies to be resilient to attacks but also to be developing strategies to prevent future attacks.

Due to The Department moving from an out-sourced model for IT service provision to one where support was internally managed and provided, our client was charged with establishing the first line cyber security defence and capability. They needed help and support in cyber security strategy development, and subsequent programme definition and associated business case. We aided in the establishment of a governance framework, communications and engagement and bringing order to the delivery function.

With a long-standing relationship in this department and work evidenced throughout other government departments, Chaucer were in a prime position to help our client achieve their objectives.

The Solution

The approach undertook was “Understand, Apply and Iterate”. By working closely with the leadership team, Chaucer quickly understood the pain points, issues and areas for progress that were desired. Understanding the desired outcomes enabled ‘agile planning’ to outline deliverables over the length of the contract focusing on those deliverables with the highest priority.

Working with key stakeholders in the department, the team worked to develop a security strategy that was effective, simple to communicate and simple to understand. Based on the NIST Cybersecurity Framework it provided an easily recognisable and pan-industry understood approach to the delivery of cyber security across the organisation with a governance model based on the ‘3 Line of Defence’ (again well understood and accepted across industry).

Once the strategy was developed to a mature state, the Chaucer team developed the business case and programme definition for its implementation.

The Results

The end state of the engagement was:

1. Well understood NIST Cybersecurity Framework based, ‘3 Line of Defence’ governance modelled First Line Cyber Security Strategy.
2. Developed Business Case for the implementation of a ‘Cyber Programme’ focused on delivering and implementing the cyber security operating model and strategically targeted growth in cyber security maturity.
3. A Programme definition for the ‘Cyber Programme’ supported (and supporting) the business case above.

The department is now in a strong position to deploy the agreed operating model, develop organisational cyber security maturity and deliver the safe and responsible cyber security required to maintain client confidentiality and enable business delivery.