What is penetration testing?
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities.
Pen tests are usually performed by ethical hackers, also known as white hat hackers, who use the same methods as malicious hackers, but do not actually exploit the vulnerabilities they find.
The ethical hackers' security testing report will help you choose the right cyber security controls for your organisation.
What is CREST?
CREST (the Council of Registered Ethical Security Testers) is an international accreditation and certification body for organisations and/or individuals within the technical information security market.
IT Governance is CREST certified for penetration testing and vulnerability scanning.
CREST ensures that accredited companies use the correct policies, processes, and procedures to ensure quality of service and protection of client information. These organisations are assessed annually to ensure they meet the necessary standard.
Should my organisation use CREST?
If you want to assess where you are most at risk, using a CREST-registered company such as IT Governance will assure you that you benefit from the expertise of highly skilled, knowledgeable, and competent testers.
All CREST member companies have been rigorously assessed to ensure they meet a high standard of engagement, using the most up-to-date methodologies to identify and test the latest vulnerabilities.
What is CHECK?
CHECK is the term for NCSC (National Cyber Security Centre)-approved penetration testing organisations and the methodology they use when testing.
CHECK services can only be offered by approved companies with experienced staff who hold NCSC-approved qualifications, and use methods recognised by the NCSC.
CHECK was developed for government departments, public-sector bodies and the organisations forming the UK’s critical national infrastructure.
Organisations in other sectors should use CREST.
Should my organisation use CHECK?
CHECK is required for government departments and their associated agencies:
- All systems processing data protectively marked ‘OFFICIAL’ will be assessed by organisations approved under CHECK.
- Requests for testing of systems processing data protectively marked ‘SECRET’ and above should be sent to the NCSC – which may recommend a CHECK organisation perform the task.
The NCSC strongly recommends that other public-sector bodies use CHECK companies “unless the system’s risk owner explicitly advises otherwise”.
Want to know more?
Enquire about CREST penetration testing
If you would like to know more about the CREST penetration testing services we can provide, please get in touch.
Get in touch