Posts Tagged ‘Pen Testing’

Cyber Warfare – Surely it doesn’t affect my business?

January 17th, 2011 by

US military sources have told the New York Times that development of the Stuxnet computer worm used to attack uranium enrichment facilities in Iran was achieved by US and Israeli experts working closely together. The results appear to indicate that it set back the development of the Iranian nuclear weapons programme by up to five years!

Many business leaders in the UK remain uncertain about the real risk of cyber attack on their business. They understand the global and national threats but associate these attacks and their defence with the activities of terrorists and nation states. However, the recent Wikileaks-related attacks on the Web services of Visa and MasterCard were instigated using very simple and low cost software which is freely available on the Internet.

While the UK government, through the newly formed Office of Cyber Security and Information Assurance (OCSIA), will be providing significant resources to protect national assets, the responsibility to protect the assets of your company is yours!

How can you protect the assets of your business from the risks associated with cybercrime?

IT Governance 360 Degree Cyber Security Assessment Package

The IT Governance 360 Degree Cyber Security Assessment Package is designed to provide your organisation with a complete cyber risk assessment and deliver practical recommendations for the remedial activities required to reduce or eliminate the risks of cybercrime.

This package offers a suite of dedicated solutions which include:

  1. Vulnerability Scanning – fully automated scanning to identify and report on the complete range of potential weak points in your system.
  2. Penetration Testing – with the knowledge of your key vulnerabilities and your permission, we will use ethical hacking techniques to identify how weaknesses can be exploited.
  3. Web Application Testing – given that 70% of commercial cyber attacks use vulnerable Web applications, we will test weak points such as shopping carts, online forms and blogs.
  4. Social Testing – while the cyber risks from external sources are high, the risks from ‘white collar crime’ committed by staff and associates within your company are even higher.
  5. Assessment Report – a complete set of reports identifying vulnerabilities and recommending appropriate solutions to remove or mitigate each of the cyber risks.

Routine assessment of your IT system and information security management is the only way of establishing that your networks and applications are genuinely secure against today’s automated cyber risks.

For more details on the cyber risks faced by your business and how you can book your 360 Degree Cyber Security Assessment Package, please visit our dedicated Protect Your Business from Cyber Risk Web Page:

360 Degree Cyber Security Assessment Package

PS. In response to recent events, IT Governance has published a free White Paper, Cyber Security: a Critical Business Risk, which outlines the challenges faced by all UK organisations and proposes a strategy for mitigation against the risks of cyber attack.

Download your free copy of Cyber Security: a Critical Business Risk

Could your business resist cyber attack?

December 20th, 2010 by

In the last few weeks, “hacktivists” have targeted a number of commercial organisations who have withdrawn from their relationships with the whistle-blowing website Wikileaks and its founder Julian Assange. These remarkable events have seen Distributed Denial-of-Service (DDoS) attacks on the availability of the Web services of MasterCard, Visa and PayPal.

If high profile sites like MasterCard and Visa can so easily be attacked and interrupted, how much more easily could someone with a grudge take down your Internet presence? Can you afford to find out the hard way? Or should you take early steps to assess your cyber-resilience?

The stakes are high and the potential impact of a DDoS cyber attack on your organisation could be severe, resulting in a significant loss of business and confidence from your customers and key stakeholders.

IT Governance Penetration Testing Services are designed to provide your organisation with a complete cyber risk assessment and deliver practical recommendations for the remedial activities required to reduce or eliminate the risks of cybercrime.

The benefits of our Penetration Testing Services include:

  • A complete solution for the efficient and routine testing of your IT system
  • Ensuring that networks and applications are secure against cyber attacks
  • An agreed scope of testing delivered for known and fixed costs
  • A comprehensive report identifying vulnerabilities and recommended remedial activity.

Routine assessment of your IT system and information security management is the only way of establishing that your networks and applications are genuinely secure against today’s automated cyber attacks.

For more details on the cyber risks faced by your business, visit our dedicated Cyber Security Web Page (http://www.itgovernance.co.uk/cybersecurity.aspx).

Please take the opportunity to contact us directly to discuss your requirements and find out how you can book your Penetration Testing Service. Our Customer Service team will be delighted to hear from you and, if required, can arrange for one of our Consultants to call you for a no-obligation chat.

For further information, please e-mail servicecentre@itgovernance.co.uk or call on 0845 070 1750.

ITG Penetration Testing Services

How secure are your Web applications?

October 18th, 2010 by

Does your organisation have any externally-facing Web applications? Did you know that over 70% of all cyber attacks target Web application vulnerabilities linked to essential functionality including shopping carts, web forms, login pages, dynamic content and blogs?

It is very likely that your Web application uses a back-end database to store and record confidential customer, employee or partner information. Firewalls and SSL do not provide complete web application security as network ports 80 and 443 must remain open to allow the website to use data from internal database servers. While there is no doubt that complexity and ease of access to Web applications make them easier to attack, the real value to a hacker is the prize of valuable payment and credit card information!

According to a US study published by WhiteHat Security, the average website has thirteen “serious” individual vulnerabilities that could be exploited by cyber criminals. Vulnerabilities like these would be given high, critical, or urgent severity in a typical security audit associated with the Payment Card Industry Data Security Standard (PCI DSS).

The IT Governance Web Application Testing Package is designed to provide a complete solution for the efficient and routine testing of your IT system ensuring that your applications are genuinely secure against today’s automated cyber attacks.

(more…)

Pen Testing – Fixed Cost and Known Benefits

September 13th, 2010 by

Our research shows that even experienced IT professionals can find Penetration Testing complex to purchase and arrange. There also appears to be much confusion as to why the costs for this service seem to vary from supplier to supplier!

The usual explanation from suppliers is that Penetration Testing is proportional to the complexity of your IT system, and they need to put time and effort into fully understanding your needs. In our experience, the potential hacker does not need to fully understand your system, or your business, to find most of the major vulnerabilities in your network and Web applications.

At IT Governance, our approach to Penetration Testing is to use our knowledge of hacking methodologies to simulate malicious attacks, identify the key vulnerabilities and recommend remedial activities. We can start on this work almost immediately and, for most organisations, can offer this service at a fixed cost.

(more…)

Pen Testing – it’s all in the Report

August 9th, 2010 by

Many suppliers of pen testing services in the UK provide very effective technical tests but often fail to deliver a comprehensive Penetration Testing Report. The quality of the information contained in the report, and its relationship to the identification of the potential threats, is crucial to ensuring your networks and applications are truly secure.

What should you expect from our Penetration Test Report?

While a great deal of technical effort is applied during the testing and analysis, the real value of our Penetration Testing Service is in the report and the subsequent briefing provided to your key stakeholders. Each report includes the following:

  • A complete description of the tests performed
  • Each potential vulnerability identified and ranked in order of importance
  • A proposed remedial solution for each potential vulnerability
  • An Executive Summary that clearly identifies the business risks and possible solutions
  • The opportunity to discuss all tests and recommendations as required.

(more…)

Why Conduct a Pen Test?

July 12th, 2010 by

As the technical manager responsible for Information Security in your organisation you will have already taken a number of measures to secure your system from the risks of external and internal attack. But how can you ensure that your security is adequate, functional and fully meets the needs of your organisation?

Effective Penetration Testing of your system is the only way of establishing that your networks and applications are truly secure.

Why should you conduct a Penetration Test?

  • Identify vulnerabilities and quantify their impact and likelihood;
  • Propose corrective measures and implement remedial actions;
  • Ensure compliance with compulsory standards which include PCI DSS and ISO27001;
  • Prevent financial loss through fraud or lost revenue due to unreliable business systems;
  • Protect your company reputation by avoiding loss of customer confidence and reputation.

How do you choose a supplier from the increasing number of companies who offer this service?

IT Governance has a long and distinguished history in the provision of information security expertise and solutions and is widely known for its work in helping organisations achieve compliance with the PCI DSS and ISO/IEC 27001:2005 standards. Our Penetration Testing service builds on this foundation to provide the highest quality security testing of your IT networks and applications.

Why should you choose IT Governance for your penetration testing service?

  • Qualified Certified Security testers employing the latest ethical techniques;
  • Best practice OSSTMM methodology, developed and published by ISECOM;
  • Confidential service underpinned by Non-Disclosure Agreement (NDA);
  • Comprehensive testing report outlining all remedial actions.

Please take the opportunity to contact us directly to discuss your requirements and find out how you can book your Penetration Testing Service. Our Customer Service team will be delighted to hear from you and, if required, can arrange for one of our Consultants to call you for a no-obligation chat.

For further information, please email servicecentre@itgovernance.co.uk or call on 08450 701750.

PS: Did you know that if you provide services to the UK Department for Work and Pensions (DWP), your company is required to have a Security Plan in which a pen test is mandatory!

Penetration Testing Services from ITG Security Testing Ltd

PEN TEST/IT HEALTH CHECK INTRODUCTORY OFFER – Save 50% if you ACT Immediately!

March 18th, 2010 by

All IT and information systems need to be secured against hacking and other unauthorised access, whether deliberate or accidental. If you haven’t had one before, you need an IT health check as soon as possible!

An IT Health Check (a CHECK-compatible IT security consultancy service) is the standard way for an organisation to assess the security status of its IT infrastructure. Technical compliance checking is also a standard ISO27001 Annex A control.
Download our FAQs/White Paper for more information on Security (Penetration) Testing and ISO27001.

IT Governance provides focused, cost-effective penetration and security testing services

Book an IT Health Check by 31 March for delivery before 31 May and save 50% against the cost!

IT Health Checks Cover:

(more…)