Cyber Audit and Assurance

Leonardo is an industry leader in the delivery and design of cyber security audits in highly complex regulatory environments, where safety, security and financial impacts are of critical importance.

When undertaking such cyber audits, Leonardo uses industry-standard frameworks including:

  • ISO 27000 Series (covering various aspects of information security management)
  • National Institute of Standards and Technology (NIST) Cyber Assessment Framework (CSF)
  • UK National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)
  • Telecommunication Security Requirements (TSR)
  • NIST-SP-800-53 (information security standard that provides a catalogue of privacy and security controls for information systems)
  • NIST-SP-800-82 (guide to operational technology security)
  • IEC-62443 (standards defining requirements and processes for securing industrial automation and control systems)

Delivering cyber assurance

Leonardo’s extensive experience in this area of cyber security enables the company to use one or more frameworks, according to each client’s specific requirements. Ultimately, this approach aims to achieve assurance process integration and delivery of a single audit collection that provides a viewpoint across multiple frameworks, both internally and externally.

Our innovative and flexible collection mechanisms enable consistent audits against several different target deployments, to account for security and privacy nuances whilst providing a consistent aggregated compliance picture.

In delivering cyber assurance, Leonardo has real-world examples of exploiting audit and compliance to drive more holistic assurance pictures, which enable ease of transposition from compliance to risk in a scientific, tool-based manner. Crucially, this enables the “so what” from compliance to be more efficiently understood and targeted fixes to be applied more quickly. We have delivered these outcomes across a variety of sectors including:

  • Defence Platform, Missions and Services
  • Telecommunications, Operations Support Systems (OSS) and Radio Access Network (RAN) services
  • Energy Generation and Distribution
  • Critical Digital Infrastructure

Proven delivery of cyber audits and assurance

The accuracy and quality of Leonardo’s audit and assurance products are underlined by our accreditation by the UK government’s NCSC, which recognises Leonardo as a certified supplier in Cyber Risk Management. Our extensive experience of cyber risk enables us to ensure audits provide assurance against key business / organisational metrics and to prioritise audit collection against the controls that have the largest influence on any associated risk picture.


Choose Leonardo to help you efficiently, accurately and consistently measure and monitor the compliance of your business, organisation, service, capability or platform against internal and external security requirements.