Risk Crew Case Studies

Risk Management – Security Awareness Training

We conducted security awareness training through Risk Crew’s eRiskology platform for an international automotive parts distributor. It was a 3-year, organic program applying simple, intuitive, personal multi-media messaging through 4 harmonised “pathways”: Inspire, Empower, Engage and Measure.

Pathways were designed to measure existing and changing awareness states by capturing key performance indicators collected to confirm & measure cultural change. We leveraged social engineering activities to collect phishing and telephone pre-texting KPIs. By the end of the 3-year engagement, the assessment pass rate increased by 140% and the organisation is working towards ensuring organisation assets remain safe and protected from threat actors.

Learn more about the service

Governance, Risk and Compliance
Risk Crew were approached by a major telecommunication and IT provider who aspired to achieve certification in ISO 27001:2013. We conducted a security maturity assessment to analyse their existing security landscape – including a review of their policies, procedures, governance and security controls.

We started with the statement of applicability and engaged with a client in a way that minimised the impact on their day-to-day business. Our approach was to make ISO 27001 fit their business and not the other way around. We also acted as their information security manager by conducting internal audits against all controls and testing their business continuity and incident management process.

We then moved to designing and building their Information Security Management System. In the process, Risk Crew conducted interviews with key stakeholders and control owners to identify critical information assets; conducted a risk assessment, populated the risk treatment plan and developed security policies to fill the gaps.

Prior to the UKAS auditors’ certification audit, one of our consultants conducted a mock audit to identify any non-conformities before the live audit. The client successfully achieved an ISO 27001:2013 certification with only a few recorded observations from the auditor.

Finally, we have left them with the tool kit to ensure they can maintain and enhance their ISMS in the future.
Learn more about the service Download the case study

Red Team Testing

A major United Kingdom-based retail banking organisation that provides a wide range of personal, business and wealth management financial services identified an immediate need to ensure that their physical, information and cyber security controls could withstand a “real-world attack” from current cyber criminal threat actor tools and methodologies.

The organisation required efficacy confirmation of the Information Security Management System (ISMS) deployed to protect the information assets they processed, stored and transmitted. It was imperative that the effectiveness of all the controls implemented in their business processes, staff, facilities and IT systems that prevent unauthorised access to their sensitive data be verified as “fit for purpose”.

Risk Crew designed and delivered a comprehensive Red Team security test in response to this requirement. The testing took place over 3 months and comprised the collection of Open-Source Intelligence (OSINT) associated with the customer, their business processes, staff and operating locations. 

The testing resulted in identifying numerous and significant security flaws, which were easily exploited and allowed unauthorised access and data exfiltration which had not been identified in previous security audits or tests.    

Learn more about the service Download the case study

Hear From Our Clients

A fantastic team of experts. My business was guided through both Cyber Essentials and Cyber Essentials Plus certification very efficiently. The staff are professional, extremely knowledgeable and friendly - not to mention very patient. Would highly recommend.
Shaun Pounder
Shaun Pounder
2021-11-05
We at Hackademic Ltd have worked with Risk Crew on various projects, and I can safely say they have a superb team and are very professional and know their stuff. We look forward to many collaborations in the future!
simon carse
simon carse
2021-10-25
A fantastical place to work. Everyone on staff is supportive to all and always in good spirits (well majority of the time ;-). It's truly a gift to have such a dedicated team to work with.
Tracy Shumaker
Tracy Shumaker
2021-10-22
Having worked with Richard Hollis & Risk Crew for more than 15 years on various projects, you'll be hard pushed to find a more professional and knowledgeable team. If you want to know if your cyber defences are up to withstanding real world threats, get in touch , you definitely won't regret it.
Rob Harrison
Rob Harrison
2021-10-07
As Head of Internal Audit for a SME firm in the Financial Services sector, we explored building and cyber security controls on a regular basis. We worked with the Risk Crew on two such projects and I was extremely pleased with the work they did for us. They worked hard to understand the nature and needs of our business, put together an innovative testing strategy and carried out that testing very effectively. Their approach produced eye-opening results which certainly helped our management team to understand the work required to improve controls and the importance of doing so. I would have no hesitation to use the Risk Crew again on similar projects in the future and would happily recommend them to other firms looking to test their physical or information security controls.
gojuryu512
gojuryu512
2021-03-23
The team at Risk Crew have been a great support to us for our Cyber Essentials Plus certification. They have been quick to respond, supported us when needed & talked us through every step of the way. I would highly recommend their services for Cyber Essentials Plus.
Michelle Bond
Michelle Bond
2021-02-16
I have had the pleasure of knowing Richard and his team for over 10 years. Richards knowledge and experience is second to none.
Mark Railton
Mark Railton
2021-02-15
love the work being done by Richard Hollis and his team - we have been big Richard fans for many years and his approach to understanding people's needs and behaviours is highly engaging. any company who wants a knowledgeable ear should follow Richard and his team
Mandy Little
Mandy Little
2021-02-11
We have worked with Risk Crew for a number of years on our Cyber Essentials Plus certification. They have provided exceptional support, advice and guidance throughout the process and have always gone the extra mile to ensure we understand the requirements and how to evidence them. We feel that Risk Crew would provide a great service to companies both new to Cyber Essentials and those seeking to recertificate, and hope to continue working with them for many years to come!
Laura Welford
Laura Welford
2021-02-10

Why Choose Risk Crew

 

Experienced Practitioners

Risk Crew has over 30 years of practical knowledge. Our information security experts hold CISSP, CISA, CISM and CRISC certifications.

Complete Transparency

We provide you with full knowledge transfer throughout the entire engagement to help your organisation.

On-Going Support

Risk Crew helps you maintain compliance with a variety of support services including risk assessments, security testing and staff awareness training.

100% Satisfaction Guarantee

We think deeply, question assumptions, detect cause and effect and deliver measurable results. No one else does that. Our deliverables produce metrics you can use to monitor and manage real-world cyber risks.

Learn More About Risk Crew

      Let’s Discuss Your Security Requirements 

When you choose Risk Crew, you’re electing to work with qualified governance, risk and compliance experts.

Phone: +44 (0) 20 3653 1234
Email: information@riskcrew.com

[/raw]