Contact Us

CDCAT® - Cyber Defence Capability Assessment Tool

An effective, comprehensive way to assess an organisation's existing cyber defences.

The Cyber Defence Capability Assessment Tool (CDCAT) is an effective, comprehensive way for organizations to assess their existing cyber defences, identify any vulnerability(s) in their defences and what mitigations can be applied. Considering the frequency of attacks on organizations’ sensitive cyber assets – CDCAT is an essential tool in combatting the threats posed by any number of cyber-criminals and criminal organizations.

CDCAT was developed by the Defence Science and Technology Laboratory (Dstl), a trading fund of the MOD. Dstl is dedicated to keeping the UK secure through development of innovative science and technology. Dstl provides impartial scientific and technological advice to the UK Armed Forces and British Government.

Why was CDCAT Introduced?

Cyber-criminals continuously evolve and adapt their methods of bypassing the traditionally rigid cyber-security controls organizations have in place. For organizations to stay safe they need to be similarly adaptive – this is where CDCAT comes in.

While it is highly advantageous for organizations to implement standards such as ISO/IEC 27001, or employ tools like penetration testing – these only constitute one part of an effective cyber security strategy.

CDCAT is designed so that the full sets of best practice controls are incorporated - including ISO/IEC 27001:2013, the US’ NIST Cyber Security Framework, UK’s 10 steps to Cyber Security and Cyber Essentials. As a result CDCAT is a truly comprehensive cyber-security assessment tool, enveloping the standard lifecycle of assess, deter, protect, detect and respond – mapped against the ITIL lifecycle of Service Strategy, Service Design, Service Transition and Service Operation.   

Who is CDCAT For?

CDCAT is designed for organizations who wish to establish the most comprehensive and effective cyber security strategy possible. Cyber criminals rarely discriminate, every organization is vulnerable – so it is absolutely essential that an organisation performs every measure it can to keep its sensitive information and assets secure.

Irrespective of whether your organization wants to confirm the effectiveness of its current cyber security controls, or is genuinely unsure on how to go about establishing its cyber defences – CDCAT will act as an essential form of dynamic cyber security intelligence. Considering CDCAT has been developed by Dstl, your organization can be confident that CDCAT is one of the most cutting-edge cyber security options available.

What Benefits will CDCAT Bring to My Organization?

  • CDCAT is the unique decision support system which allows a company to dynamically and proactively tackle its cyber security needs through business risk appetite analysis.
  • CDCAT is updated on a quarterly basis with information drawn from multiple international sources not readily available to the private/public sector.
  • CDCAT makes it easier for an organisation to manage their own cyber risk strategy and provides simple steps to improve cyber defence capabilities.
  • CDCAT provides cyber professionals with the tools to build effective business cases for vital updates. Worst case scenario modelling outlines the potential cost to an organisation of not implementing the recommended change and suffering a breach. This is measured against the costs of enacting the change. These forecasts are based on the data provided during the assessment.
  • CDCAT supports continuous security improvements for organisations and supply chains - as threats, consequences and risk appetites change. Through integrating multiple evolving reference standards, e.g. ISO 27000-series, it provides a framework for the assessment and integration of new technologies, e.g. cloud, mobile, digital applications, etc. supporting an up-to-date assessment.
  • CDCAT provides organisations with a way to report back to key stakeholders that they are addressing sector based vulnerabilities and proactively targeting cyber defence weak spots.
  • CDCAT calculates the overall business preparedness scores and defines a number of reports to support the analysis and assessment of the business improvements required.
  • Cost savings can be driven through adopting an efficient risk management approach utilising the recommendations made in the CDCAT report.
  • Visible, effective cyber security is an enabler for a thriving business.