At 3roc, we believe that during the consulting process, the focus should remain on strategy, structure, and design rather than getting caught up in premature content discussions. By streamlining our approach, we ensure that review stages are dedicated to refining the overall solution, allowing us to deliver impactful, data-driven results without unnecessary delay.
Cybersecurity Risk Assessment & Resilience Planning
Client: A Unitary Authority in the Midlands
Duration: 3 months
Value: £85,000
Role(s) Provided: Cybersecurity Consultant (specialist), Cybersecurity Consultant (general)
Challenge:
The council needed to strengthen its cyber resilience after a neighbouring authority suffered a ransomware attack. They required an independent security review, vulnerability assessment, and a clear, actionable resilience plan.
3Roc’s Approach:
Delivered a Cyber Risk Assessment and Threat Modelling exercise based on NCSC Cyber Assessment Framework (CAF).
Carried out penetration testing of critical systems.
Developed a Security Operating Model with defined incident response roles, escalation paths, and recovery procedures.
Recommended targeted security awareness training for all employees.
Outcome:
Identified and remediated 14 high-risk vulnerabilities within 6 weeks.
Delivered an incident response plan that reduced recovery time estimates from 5 days to under 24 hours.
Achieved Cyber Essentials Plus re-certification without remedial work.
