
IT Governance Technical Services

IT Governance is a professional consultancy and technical services firm providing a comprehensive range of information security resources, audits and testing to help organisations of all sizes contain and reduce information security risks.

With our consultative approach, we are able to not only assist with your day-to-day information security requirements, but also undertake annual audits for compliance with international standards and provide professional advice on information security strategy.

Download our technical services brochure.

PCI DSS Consultancy Services

As an approved Qualified Security Assessor (QSA) company, we can help organisations respond to and mitigate data breaches and cyber attacks. Our PCI DSS consultancy services include scoping, gap analysis, remediation support and audit.

Our principal role as a QSA is to ensure that organisations are fully compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). All QSA companies must comply with and adhere to a number of rigorous business and technical requirements, as specified by the PCI SSC.

Click here to view our PCI consultancy services, or email us or call +44 (0)845 070 1750.

 

IT Health Check

We can offer complete IT Health Checks, designed to offer a comprehensive view of your system’s strengths and vulnerabilities from a completely unbiased, expert perspective. Entirely customised to your needs, your company’s activity and your company’s size, the IT Health Check is a must for any organisation.

Find out more here.

Penetration Testing

Penetration testing (or pen testing) is a process whereby an expert ‘ethical hacker’ seeks to gain access to your systems, revealing areas of weakness and making suggestions for improvements.

We offer black-box (‘blind’) tests, white-box (full disclosure) tests, or something in between, according to your requirements.

View our range of penetration tests >>

 

As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured that the work will be carried out to high standards by qualified and knowledgeable individuals.

 

ASV Scanning

Scanning by an Approved Scanning Vendor >>

Software penetration tests

What is a software test?

In the same way that network infrastructure needs testing to audit its security defences, software also requires testing. Whether it is an application, operating system, web application or mobile application, the coding can contain errors that allow malicious users to affect the security of the organisation’s assets.

What is the difference between a software penetration test and a software vulnerability assessment?

A software penetration test will attempt to exploit the identified vulnerabilities using the same tools and techniques as an attacker in order to gain access to or ownership of the application. A vulnerability assessment identifies an organisation’s attack surface area and security posture.

When do you need a software test?

After social engineering, attacks on software are the next serious threat to an organisation’s security. Software attacks can affect the confidentiality, integrity and availability of services and the data they rely on.

What exactly can you expect from a software test?

  • Consultation
  • Scoping
  • Reporting

Please note: Software testing does not include code review, which is a separately billable service.

Security audits

What is a security audit?

A security audit is a service offered in which IT Governance conducts a security review of a product – either a hardware or software product. The review focuses on the security aspects of the product, and produces a report outlining how the product’s security profile matches requirements. This service covers:

  • Build reviews
  • Application reviews

When do you need a security audit?

A security audit is recommended when you are considering purchasing a new product, or before the rollout of a new service or product. In particular, a build review should be conducted for a new build of a server or workstation before rolling out the installation across the organisation.

What exactly can you expect from a security audit?

  • Consultation with the client
  • Scoping of your requirements
  • Testing and reporting

Please note: This is not a fixed-price service and is dependent on the scope that will be determined in consultation with the client. The review can include all common operating systems.

Cookies audits

What is a cookies audit?

A cookies audit is an examination of your organisation’s website that identifies all cookies and other mechanisms of retaining visitors’ information in order to determine whether the site complies with the EU’s Privacy and Electronic Communications Regulations (PECR).

When do you need a cookies audit?

A cookies audit should be undertaken on any UK or EU website to ensure it complies with EU and UK regulations covering the identification of website visitors. The audit should be conducted after changes and updates to ensure new cookies not covered by previous audits are identified and added to the site’s cookie policy.

Our PECR Cookies Audit Service quickly and cost-effectively identifies the cookies that your site downloads onto visiting computers, and provides specific guidance on the steps that you should consider in order to meet the compliance requirements of the new cookie law, the revised PECR.

Architecture reviews

What is an architecture review?

An architecture review is a security review of an organisation’s infrastructure to determine its security posture. It will identify weaknesses within the architecture and make recommendations for improving the security posture and reducing the attack surface area.

When do you need an architecture review?

This type of service is recommended during the deployment of new infrastructure architecture or after changes and upgrades have been made.

What exactly can you expect from an architecture review?

  • Consultation and scoping of the test requirements
  • Testing and reporting
  • Post-test consultation

Please note: Architecture reviews are focused on auditing the infrastructure. Business continuity and disaster recovery aspects are not included in the test but can be offered as a separate service.

Why use IT Governance?

All IT Governance projects are undertaken by in-house, qualified pen testers who are passionate about their jobs and delivering the best possible results. IT Governance delivers cost-effective, honest and independent advice to protect businesses from information theft and data breaches, by drawing on wide expertise and years of experience facilitating compliance with international standards such as ISO 27001 and the PCI DSS.

  • IT Governance is a CREST member, meaning that we meet the rigorous standards mandated by CREST.
  • We possess information security expertise that comes from our longstanding involvement in pen testing, PCI DSS and ISO 27001 compliance projects.
  • Our pen testers are fully qualified and experienced, and have been subject to extensive CV and other regularly conducted internal checks.
  • We use best-practice methodologies – our security testing service is delivered in line with the best-practice OSSTMM methodology, developed and published by ISECOM.
