IT Governance (ITG), which bills itself as a one-stop shop for compliance expertise, has diversified into penetration testing.
According to the Ely-based IT services firm, cybercriminals are increasingly targeting IP addresses, website applications, firewalls, network devices, hardware and software.
As a result, the firm says, all internet-facing networks and resources are subject to automated, malicious probing and, when a vulnerability is detected, the exploitation of that vulnerability is also usually automatic.
The firm's penetration testing service is billed as examining and testing the technical security measures an organisation has in place to protect its networks and applications.
Effective penetration testing – often known as 'pen testing' – involves the simulation of a malicious IT attack, using a carefully planned combination of methods and tools to mimic the range of possible attacks.
However, says ITG, instead of completing the attack, its pen testing team will document the vulnerability and recommend steps to reduce the risk.
The consequent findings then form the basis of a remediation programme.
Alan Calder, ITG's chief executive, said that, in a world where attacks on networks and applications are growing in number at an exponential rate, effective pen testing is the only way of establishing true security.
"The penalties incurred by organisations failing to defend against such attacks are becoming ever steeper", he said.
"Client demand drove us to launch our ITG security testing service. More and more of our ISO27001 consultancy customers have recognised the need for security testing to be part of their initial security plan, as well as their longer-term security maintenance", he added.
According to Calder, clients want a pen testing service that can be integrated into the range of consultancy services they are already using, and also one that is delivered by a reputable and ISO27001-certified company, such as ITG.
"Compliance requirements also increasingly recognise that penetration testing should form part of ongoing security activity in all organisations. Department for Work and Pensions contracts, for instance, look for suppliers to achieve ISO27001 certification, as well as to carry out an initial penetration test, and then to maintain an acceptable level of technical information security", he said.
"We are not just looking to provide short-term analysis and remediation. We want to support organisations in the long term with a comprehensive suite of security services, ensuring their information assets continue to be protected from today's evolving IT security threats."
SOURCE: This article is featured in IT Forensics