The QUANTA framework is a modular and scalable control framework designed to help organisations prepare for, defend against and transition through the emerging threats posed by quantum computing. It recognises that the rise of quantum computing presents a critical risk to widely deployed cryptographic systems and responds with a practical, actionable set of controls built around international best practices.
The framework is developed to bridge the gap between lightweight assurance schemes like Cyber Essentials and comprehensive security standards such as ISO/IEC 27001 and NIST CSF. QUANTA offers a structured, modular control architecture that enables public and private sector bodies alike to tailor their post-quantum strategies in a phased and resource-sensitive manner. The core focus is on enabling quantum resilience across eight functional domains, with 40 discrete security controls that map directly to NIST CSF 2.0, CIS Controls v8 and ISO/IEC 27001:2022.
Each control in the QUANTA framework is designed for either standalone implementation or combined deployment across layered security models, described internally as a 'Lego Security' approach. This modular design ensures that both large-scale enterprises and smaller public sector bodies can adopt quantum-resilient measures according to their level of maturity and sectoral constraints.
The eight domains covered by QUANTA include Cryptographic Resilience, Governance and Risk, Security Architecture and Design, Monitoring and Assurance, Training and Awareness, Supply Chain Dependencies, Data Protection and Confidentiality, and Framework Alignment. Each domain addresses key aspects of the cybersecurity lifecycle and anticipates long-term strategic requirements for resisting quantum-era adversaries.
The framework particularly addresses the threats posed by Shor’s algorithm, which undermines RSA and ECC, and Grover’s algorithm, which weakens symmetric encryption and hash functions. By anticipating and mitigating these threats through policy, architecture, and training, QUANTA seeks to enable a smooth and strategic transition to post-quantum cryptographic readiness.
QUANTA is designed to evolve. It supports early-stage awareness activities, hybrid cryptographic deployment using NIST PQC finalists (such as Kyber, SLH-DSA, and ML-DSA), and full migration planning to long-term quantum-resistant environments. It encourages adoption of open standards like the Open Quantum Safe project and promotes the use of flexible, outcome-driven controls suitable for audit, compliance and national regulatory strategies.
Qubits is the target IBM aims to achieve by 2025, potentially placing RSA and ECC encryption at real risk.
Of global encrypted internet traffic is vulnerable to quantum attacks if post-quantum cryptography is not adopted in time.
Dollars was allocated by the U.S. Department of Homeland Security in 2023 to accelerate post-quantum cryptography adoption.
Years is the estimated timeframe in which large-scale quantum computers could break RSA-2048 encryption, according to NIST projections.
Jeremy Green developed Q-SLICE and QUANTA as part of his PhD in computer science. He is also a skilled and experienced security professional with more than 20 certifications across platform, security and DevSecOps, including CISSP, CISM, CEH, ECDE and CHFI. He is also an official instructor for ISACA and EC Council and the author of Information Security Management Principles, fourth edition, and Security Architecture: A practical guide to designing proactive and resilient cyber protection, both published by BCS.
Author
Jeremy is also the author of BCS Information Security Management Principles Fourth Edition and Security Architecture: A practical guide to designing proactive and resilient cyber protection.
Instructor
Jeremy is an instructor for CompTIA, ISC2, ISACA and EC Council with twenty certifications. He also teaches Ethical Hacking and Digital Forensics on a Foundation Degree and holds a Cert Ed and QTLS.
Security Architect
Jeremy is a security architect supporting the security design and implementation of a large project for Leidos, undertaking threat modelling, design assessment and stakeholder engagement.
Many organisations will be slow to recognise or respond to the threat posed by quantum computing, particularly in relation to its potential to break classical cryptographic systems. Some of this is due to quantum computing still being widely perceived as an abstract, long-term concern rather than an immediate operational risk.