Our ISO27001 consulting services can be tailored to your exact needs and budget and our proven implementation approach and tools can be adapted for any size company, from large corporates right down to small business ventures.
As an IASME-accredited Cyber Essentials certification body, we can provide you with the support and expertise you need to make sure you protect your business and achieve Cyber Essentials certification for your organisation.
We offer a broad range of penetration testing services that can be tailored to suit your security needs. We pride ourselves on making penetration testing as simple as possible to help fulfil your security and compliance requirements.
Audit & Assurance
With a Big-4 background in IT Internal Audit, and experience in auditing IT within large and small organisations, we can provide the expertise you need to gain comfort that your IT function is performing effectively and within your risk appetite.
We bring together a wide variety of training programmes to help you build up the skills and knowledge your staff and security teams need, delivered on-line, off-site or at your office locations by ourselves and our training partners.
We have developed a number of resources you can use to improve information security within your organisation. From awareness posters to technical security guides, these resources play an important role in maintaining a good security posture.
Established in 2009 by two information security and IT audit professionals, CS Risk Management has become an award-winning security consultancy providing high-quality advice, testing, training and certification services across a broad set of security disciplines and industry sectors.
Based near the sleepy village of Binfield in Berkshire, we help businesses in the UK, Europe and the US get to grips with their information security and cyber security challenges by finding ways to meet these risks head on using cost-effective, practical solutions.
Over the last few years we have helped our customers build information security management systems considered "best in class" by Certification Body auditors, and supported many businesses, large and small, in achieving their security goals successfully.
Call us today to find out how we can help you improve security in your business.
We are proud of the relationships we build with our customers and as testament to this the majority of our business comes from our existing customers and referrals.
We work with companies of all sizes from SMEs to multi-national organisations across various sectors, in the UK and globally.
Recent awards include Innovation & Excellence in Cyber Security 2016, Business Awards Best for Cyber Security Consultancy 2016 and Security & Fire Excellence Awards Finalist 2015.
Our consultants have many years of experience in information security within SMEs, leading consultancies and blue chip companies. Our consultants are members of professional industry bodies including ISACA, (ISC)2, the IISP and BCI and hold professional certifications such as CISA, CISSP, CISM, SCCP and CBCI.
Meet the team
CISSP, SCCP, CISA
CISSP, CISM, CISA
We’re pleased to announce that CS Risk Management have been named one of AI Awards 2016 Businesses of Distinction!
We’re pleased to have been selected as winner of the Most Exceptional Business in United Kingdom in the AI Most Exceptional Business Awards!
In February 2016, hackers hit the headlines again as news broke of a cyber attack on Bangladesh’s central bank. Specially crafted malware was used to hack into Bangladesh Bank’s SWIFT software, allowing the hackers to transfer $81 million from Bangladesh’s account at the Federal Reserve Bank of New York into accounts held at other banks, reportedly in the Philippines.
When we think of IT systems and Industrial Control Systems (ICS), we tend to think that there is a vast difference in the way they are secured and managed, but in reality there is little difference in the approach needed to secure the two separate system types.
Cyber-extortion and blackmail are not new, but cyber-criminals have just about perfected their techniques of extracting money from the masses through the use of ransomware.
Businesses rely on data stored on their PCs, mobile devices and the cloud more and more each day – not necessarily important enough to make sure it is backed up reliably, but certainly enough to panic when criminals encrypt their data and then offer a decryption key at a price. […]
The European Parliament adopted the General Data Protection Regulation last Thursday as expected. The Regulation will likely enter into force on or before 20th July, 20 days following its publication in the EU Official Journal. Its provisions will be directly applicable in all Member States two years after this date. So organisations now have 27[…]
The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition. Users and administrators are encouraged to review Samba Release News[…]
A boiler replacement company that was listed as one of Britain’s most complained about nuisance callers has been fined £180,000 by the ICO. FEP Heatcare Ltd made 2.6 million unwanted calls, which played a recorded message promoting the company’s products and services. Source: ICO Enforcement Notices
On the 23rd December 2015 Ukraine suffered what is believed to be the first successful cyber-attack on an electricity distribution network, cutting the power at 17 substations and leaving 225,000 people without power for several hours. In this blog we review the events leading up to and during the attack and what additional security controls[…]