Ely, England, 16 June 2011 – IT Governance Ltd, the global leader in ISO27001 and information security products and services, warns organisations to conduct penetration testing on their systems, as it is the only effective measure to ensure their networks and applications are genuinely secure against today’s automated cyber attacks.
Recent data breaches have shown that all types of organisation are vulnerable to cyber attacks. Global organisations such as Google, Sony and Citibank were only a few of the victims targeted by hackers. Even the US Senate and the International Monetary Fund (IMF) have been targeted.
Often the penetration is carried out through a ‘spear phishing attack’. Typically, this is where an employee is lured into clicking on a link to a malicious website or downloading a file loaded with malware. The human factor adds to the vulnerability to organisations and this only confirms that cyber attacks are a risk for every business, of any size.
Routine penetration testing at regular intervals is a compulsory requirement to ensure that an organisation’s networks and applications are secure, enabling them to maintain compliance with standards such as ISO27001 and PCI DSS.
Larger organisations are more likely targets of cybercriminals. If they have had no major changes to their website or IT system over a period of 12 months they should conduct a penetration test on a quarterly basis (4 per year). On the other hand, penetration test should be performed after every major installation or reconfiguration of a network infrastructure, particularly if this involves firewalls and dedicated security sub-systems.
Smaller organisations are more likely to be hit accidentally by cybercriminals or an automated attack, but for these such attacks are likely to be more significant and damaging. It is recommended that smaller organisations conduct a penetration test on an annual basis (1 per year), but not less than that.
As a company which is an established authority in all ISO27001 and information security matters, IT Governance approach penetration testing using their extensive knowledge of hacking methodologies to: simulate malicious attacks, identify the key vulnerabilities and recommend appropriate remedial activities. Organisations which chose IT Governance penetration testing service will get in return a complete solution for the efficient and routine testing of their IT system as well as a comprehensive report indentifying vulnerabilities and recommended remedial activity. One of the biggest benefits to organisations is that they can agree the scope of testing delivered for known and fixed benefits.
Alan Calder, CEO of IT Governance, comments, “We can start on this work almost immediately and, for most organisations, offer this service at a lower cost than many of our competitors. There shouldn’t by anything complicated or mysterious about security assurance and that’s why we’ve clearly described our testing activity and made fixed-price packages available that can be purchased almost as easily as a book!”
Penetration testing packages, which include a full test report and detailed guidance on remediation, for a website or for a small network, are available for a limited time only at the special price of just £1,950 each.
Find out more or purchase online: www.itgovernance.co.uk/penetration-testing-packages.aspx. You can also contact the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can purchase penetration testing packages with a Purchase Order either by telephone or by email to firstname.lastname@example.org.