Posts Tagged ‘Penetration Testing’

Pen Testing – it’s all in the Report

May 19th, 2011 by

Many suppliers of pen testing services in the UK provide very effective technical tests but often fail to deliver a comprehensive Penetration Testing report. The quality of the information contained in the report and its relationship to the identification of the potential threats is crucial to ensuring your networks and applications are truly secure.

What should you expect from our Penetration Test Report?

While a great deal of technical effort is applied during the testing and analysis, the real value of our Penetration Testing service is in the report and the subsequent briefing provided to your key stakeholders. Each report includes the following:

  • A complete description of the tests performed
  • Each potential vulnerability identified and ranked in order of importance
  • A proposed remedial solution for each potential vulnerability
  • An Executive Summary that clearly identifies the business risks and possible solutions
  • The opportunity to discuss all tests and recommendations as required

Not just for the IT Manager

The information in the Penetration Test Report should always be shared with senior management and other key stakeholders. Prior to any testing, we recommend that you undertake a risk assessment to identify the major potential threats to your system and align the potential damage that they may cause to the key objectives of your organisation. These risks may include the loss of confidential information, the failure of communications or the failure of a business-critical system such as an e-commerce site.

The IT Governance Penetration Test Report always includes an Executive Summary that identifies these business risks and possible solutions in non-technical layman’s terms. In addition to the standard report, many of our customers also ask us to attend a meeting at their office to present our results and recommendations in detail.

What makes our Penetration Testing service unique?

IT Governance has a long and distinguished history in the provision of information security expertise and solutions and is widely known for its work in helping organisations achieve compliance with the PCI DSS and ISO/IEC 27001:2005 standards. Our Penetration Testing service builds on this foundation to provide the highest quality security testing of your IT networks and applications.

Why should you choose IT Governance for your Penetration Testing service?

  • Practical risk assessment to ensure testing meets all security objectives
  • All types of testing provided including system, applications and staff assessment
  • Qualified Certified Security testers employing the latest ethical techniques
  • Comprehensive testing report outlining all appropriate remedial actions

Find out more about the ITG Penetration Testing – Standard Package

Please take the opportunity to contact us directly to discuss your requirements and find out how you can book your Penetration Testing Service. Our Customer Service team will be delighted to hear from you and if required can arrange for one of our Consultants to call you for a no-obligation chat. For further information, please email or call on 08450 701750.

How secure are your Web applications?

October 18th, 2010 by

Does your organisation have any externally-facing Web applications? Did you know that over 70% of all cyber attacks target Web application vulnerabilities linked to essential functionality including shopping carts, web forms, login pages, dynamic content and blogs?

It is very likely that your Web application uses a back-end database to store and record confidential customer, employee or partner information. Firewalls and SSL do not provide complete web application security as network ports 80 and 443 must remain open to allow the website to use data from internal database servers. While there is no doubt that complexity and ease of access to Web applications make them easier to attack, the real value to a hacker is the prize of valuable payment and credit card information!

According to a US study published by WhiteHat Security, the average website has thirteen “serious” individual vulnerabilities that could be exploited by cyber criminals. Vulnerabilities like these would be given high, critical, or urgent severity in a typical security audit associated with the Payment Card Industry Data Security Standard (PCI DSS).

The IT Governance Web Application Testing Package is designed to provide a complete solution for the efficient and routine testing of your IT system ensuring that your applications are genuinely secure against today’s automated cyber attacks.


Pen Testing – Fixed Cost and Known Benefits

September 13th, 2010 by

Our research shows that even experienced IT professionals can find Penetration Testing complex to purchase and arrange. There also appears to be much confusion as to why the costs for this service seem to vary from supplier to supplier!

The usual explanation from suppliers is that Penetration Testing is proportional to the complexity of your IT system, and they need to put time and effort into fully understanding your needs. In our experience, the potential hacker does not need to fully understand your system, or your business, to find most of the major vulnerabilities in your network and Web applications.

At IT Governance, our approach to Penetration Testing is to use our knowledge of hacking methodologies to simulate malicious attacks, identify the key vulnerabilities and recommend remedial activities. We can start on this work almost immediately and, for most organisations, can offer this service at a fixed cost.


Why Conduct a Pen Test?

July 12th, 2010 by

As the technical manager responsible for Information Security in your organisation you will have already taken a number of measures to secure your system from the risks of external and internal attack. But how can you ensure that your security is adequate, functional and fully meets the needs of your organisation?

Effective Penetration Testing of your system is the only way of establishing that your networks and applications are truly secure.

Why should you conduct a Penetration Test?

  • Identify vulnerabilities and quantify their impact and likelihood;
  • Propose corrective measures and implement remedial actions;
  • Ensure compliance with compulsory standards which include PCI DSS and ISO27001;
  • Prevent financial loss through fraud or lost revenue due to unreliable business systems;
  • Protect your company reputation by avoiding loss of customer confidence and reputation.

How do you choose a supplier from the increasing number of companies who offer this service?

IT Governance has a long and distinguished history in the provision of information security expertise and solutions and is widely known for its work in helping organisations achieve compliance with the PCI DSS and ISO/IEC 27001:2005 standards. Our Penetration Testing service builds on this foundation to provide the highest quality security testing of your IT networks and applications.

Why should you choose IT Governance for your penetration testing service?

  • Qualified Certified Security testers employing the latest ethical techniques;
  • Best practice OSSTMM methodology, developed and published by ISECOM;
  • Confidential service underpinned by Non Disclosure Agreement (NDA);
  • Comprehensive testing report outlining all remedial actions.

Please take the opportunity to contact us directly to discuss your requirements and find out how you can book your Penetration Testing Service. Our Customer Service team will be delighted to hear from you and if required can arrange for one of our Consultants to call you for a no-obligation chat.

For further information, please email servicecentre@itgovernance.co.uk or call on 08450 701750.

PS: Did you know that if you provide services to the UK Department for Work and Pensions (DWP), your company is required to have a Security Plan in which a pen test is mandatory!

Penetration Testing Services from ITG Security Testing Ltd