First UK Certified Incident Response firms named

Five organisations have been named as the first certified consultancies in the government’s scheme to help UK organisations respond effectively to the increase in cyber attacks.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The Certified Incident Response scheme is backed by CESG, the information assurance arm of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI).

The first companies that public sector organisations and providers of critical national infrastructure can turn to in the event of a cyber attack, compromise or breach are: BAE Systems Detica, ​Context Information Security, Mandiant,​ MWR Infosecurity, and SecureWorks.

The accreditation process is managed for the government by the Council of Registered Ethical Security Testers (CREST).

Three of the companies – BAE Systems Detica, Context and Mandiant – took part in the pilot after the scheme was announced in November 2012.

The scheme, launched in August 2013, builds on the 10 Steps to Cyber Security launched by the government in September 2012 and provides advice to business leaders on increasing cyber security within their own organisations. It also supports the delivery of the UK Cyber Security Strategy.

By taking this joint approach on response to cyber incidents, the government said it would work with industry to nurture and grow the emerging UK cyber incident response industry in scale and expertise.

"Incident response skills are currently in short supply and there is an increasing need for genuine, proven capability in this area – particularly in an age of increasingly complex cyber attacks," said Alex Fidgen, director at MWR InfoSecurity. 

"This scheme will help to professionalise this part of the industry and provide businesses and the government with accredited services and qualified professionals," he said.  

Martin Sutherland, managing director of BAE Systems Detica, said that once an intruder is discovered, organisations understandably want to take immediate action to mitigate their risk exposure.

“The Cyber Incident Response Scheme should act as a timely reminder of the agility with which attackers operate and the need for an even more agile and fast response to combat the threat,” he said.

According to Sutherland, creating a network of trusted suppliers helps strengthen the cyber defences of the country as a whole and ensures that the networks of organisations of national significance are protected against the most targeted and sophisticated threats.