Penetration Testing Packages
IT Governance Penetration Testing packages are designed to provide a complete solution for the efficient and routine testing of your IT system.
Our tests ensure that your networks and applications are genuinely secure against today's increasingly sophisticated, harmful and frequent automated cyber attacks.
Many of our solutions are designed to offer smaller organisations a cost-effective method of testing their network's security.
The benefits of the IT Governance Penetration Testing Package include:
a complete solution for the efficient and routine testing of your IT system;
peace of mind that your networks and applications are secure against cyber attacks;
a comprehensive technical report identifying potential vulnerabilities and recommended remedial activities for each vulnerability identified;
an executive summary of the potential vulnerabilities identified that can be used for your management team; and
an optional presentation of the report findings, which can be arranged for your management team.
If you require a penetration test for a larger enterprise with more complex requirements, please complete this form.
IT Governance offers the following types and levels of security testing and technical services:
Fixed Price Consultant-Driven Penetration Tests (Level 1 or Level 2):
The offerings below are provided on a “fixed scope and fixed price” basis. However, our service offering also includes a customised test based on individual requirements, for which the test scope will be prepared in consultation with our clients. A “Level 1” penetration test is a consultant-driven test designed to identify potential vulnerabilities in your systems, networks and applications, whereas a “Level 2” penetration test is a much more extensive test which simulates a cyber attack, designed to gain physical access to your system.
You can see the difference between the different levels of tests with our comparative table:
Other Technical Services:
Why IT Governance?
As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured in the knowledge that the work will be carried out to rigorous standards by highly qualified and knowledgeable individuals with a solid track record of conducting penetration tests and vulnerability assessments.
How should you select a reliable provider?
A good penetration tester can replicate the types of actions that a malicious attacker would take, which gives your IT teams a much more accurate view of the vulnerabilities within your networks and systems at a specific point in time. Although there are several commercial products that can provide credible testing parameters and results, nothing replaces a hands-on, manual test conducted by a true ‘ethical hacking’ professional, certified by a regulatory organisation such as CREST. CREST member companies must undergo a rigorous assessment and certification process that looks at methodologies, test hygiene, staff vetting and data handling.
What types of systems can be tested through a penetration test?
The network layer (firewalls, web servers, email servers, etc.).
The application layer (all major development languages, all major web servers, all major operating systems, all major browsers).
Internal workstations, printers, fax machines, virtual environments, internet-enabled devices, etc.
Penetration Tests and the PCI DSS
The PCI DSS requires both types of penetration test to be conducted in order to be compliant with the standard. Whilst this is mandatory for all Level 1 Merchants, Service Providers and those organisations that have suffered a breach, it may be required for any organisation, depending on its compliance requirements. To discuss your testing requirements for PCI Compliance, please call us now on +44 (0) 845 070 1750.
When should a Penetration Test be conducted?
Given the ever-increasing risk of attack to a network and the continual enhancements and upgrades to a system over time, IT Governance strongly recommends that a Penetration Test be conducted on a regular basis. Such testing may also be a requirement for compliance with the ISO 27001 and PCI DSS Standards.
For smaller organisations that have had no major changes to their IT system over a period of 12 months, it is recommended that a Penetration Test be conducted on an annual basis (one per year).
For larger organisations that have had no major changes to their IT system over a period of 12 months, it is recommended that a Penetration Test be conducted on a quarterly basis (four per year).
It is recommended that a Penetration Test be conducted after every major installation or reconfiguration of a network infrastructure, particularly if this involves firewalls and dedicated security sub-systems.
ITG Penetration Testing & Retesting Service
The IT Governance Penetration Testing Service is designed to identify vulnerabilities in an IT system and provide advice and recommendations for any corrective measures required. When such remedial activity has been completed, IT Governance recommends that the original testing is repeated to ensure that the system is now fully secure.
ITG Penetration Testing & Annual Contracts
Designed to meet the needs of organisations of all sizes, the IT Governance Penetration Testing Annual Contract provides regular testing to ensure that networks and applications remain secure over a period of time. It will also ensure compliance with security standards such as ISO 27001 and PCI DSS.
ITG Penetration Testing Packages are offered on a Single, Bi-annual or Quarterly Test basis.
ITG Penetration Testing & Multi-Year Contracts
The IT Governance Penetration Testing Multi-Year package is designed to provide an organisation with a guaranteed quality test for a one-, two- or three-year period and is offered at a significant discount on the cost of a single Penetration Test.
Please note that contracts that combine Penetration Testing Annual and Multi-Year contracts are available on request.
Penetration Testing & PCI DSS Combined Annual Contract
If an organisation is PCI DSS compliant at Level 1, it will require BOTH an annual penetration test and quarterly automated scans from an approved scanning vendor (ASV).
The IT Governance Penetration Testing & PCI DSS Combined Annual Contract package is designed to provide an organisation with all of the tests required for compliance for a one-, two- or three-year period and is offered at a significant discount on the cost of the respective tests.
To book your Penetration Testing service or to discuss your requirements, please call us now on +44 (0) 845 070 1750 or complete this form.