IT Governance announces 50% discount on its CREST-accredited pen testing services for a limited time only
ELY, UK, December 12, 2013 /EINPresswire.com/ -- IT Governance Ltd, the fast-growing cyber security services provider and a CREST member company, has announced 50% discount off its CREST-accredited pen testing services if booked before the end of December 2013.
Regular pen testing of web and network systems represents basic cyber security hygiene and is an important requirement for a number of standards and frameworks including ISO 27001 and PCI DSS.
Geraint Williams, QSA and Senior Consultant at IT Governance, says: “The majority of organisations still fail to understand why pen testing is so crucial. Let’s put it this way: you wouldn’t leave the front door of your house open so that anyone could come in. In the same way, you shouldn’t be allowing weaknesses in your infrastructure to be exploited by cyber criminals and your systems to be penetrated.
“It is hard to get visibility of vulnerabilities in your systems and processes. Whilst a visual check of your house will identify any open windows and doors, for cyber security you need to have vulnerability scans and penetration testing conducted to see the problems within your organisation.”
Geraint adds: “Social engineering is a big threat to companies as it often bypasses the stronger perimeter controls and exposes less protected internal assets. It is targeted at company’s employees and they are often the weakest link.”
Penetration testing is important for the following key reasons:
• To determine the weakness in the infrastructure (hardware), application (software) and people in order to develop controls
• To ensure controls have been implemented and are effective – this provides assurance to information security and senior management
• To test applications that are often the avenues of attack (applications are built by people who can make mistakes despite best practices in software development)
• To discover new bugs in existing software (patches and updates can fix existing vulnerabilities, but they can also introduce new vulnerabilities)
Pen testing should be conducted regularly to detect recently discovered or previously unknown vulnerabilities. The minimum frequency depends on the type of testing being conducted and the target of the test. Testing should be at least annually, and maybe monthly for internal vulnerability scanning of workstations. Standards such as the Payment Card Industry Data Security Standard (PCI DSS) recommend intervals for various scan types.
Pen testing should be undertaken after deployment of new infrastructure and applications as well as after major changes to infrastructure and applications (e.g. changes to firewall rules, updating of firmware, patches and upgrades to software).
Organisations can take advantage of the 50% discount on IT Governance’s CREST-accredited pen testing services by calling + 44 (0) 845 070 1750 or by sending an email to servicecentre@itgovernance.co.uk.
More information on IT Governance’s pen testing packages available here: www.itgovernance.co.uk/penetration-testing-packages.aspx.
- Ends -
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Regular pen testing of web and network systems represents basic cyber security hygiene and is an important requirement for a number of standards and frameworks including ISO 27001 and PCI DSS.
Geraint Williams, QSA and Senior Consultant at IT Governance, says: “The majority of organisations still fail to understand why pen testing is so crucial. Let’s put it this way: you wouldn’t leave the front door of your house open so that anyone could come in. In the same way, you shouldn’t be allowing weaknesses in your infrastructure to be exploited by cyber criminals and your systems to be penetrated.
“It is hard to get visibility of vulnerabilities in your systems and processes. Whilst a visual check of your house will identify any open windows and doors, for cyber security you need to have vulnerability scans and penetration testing conducted to see the problems within your organisation.”
Geraint adds: “Social engineering is a big threat to companies as it often bypasses the stronger perimeter controls and exposes less protected internal assets. It is targeted at company’s employees and they are often the weakest link.”
Penetration testing is important for the following key reasons:
• To determine the weakness in the infrastructure (hardware), application (software) and people in order to develop controls
• To ensure controls have been implemented and are effective – this provides assurance to information security and senior management
• To test applications that are often the avenues of attack (applications are built by people who can make mistakes despite best practices in software development)
• To discover new bugs in existing software (patches and updates can fix existing vulnerabilities, but they can also introduce new vulnerabilities)
Pen testing should be conducted regularly to detect recently discovered or previously unknown vulnerabilities. The minimum frequency depends on the type of testing being conducted and the target of the test. Testing should be at least annually, and maybe monthly for internal vulnerability scanning of workstations. Standards such as the Payment Card Industry Data Security Standard (PCI DSS) recommend intervals for various scan types.
Pen testing should be undertaken after deployment of new infrastructure and applications as well as after major changes to infrastructure and applications (e.g. changes to firewall rules, updating of firmware, patches and upgrades to software).
Organisations can take advantage of the 50% discount on IT Governance’s CREST-accredited pen testing services by calling + 44 (0) 845 070 1750 or by sending an email to servicecentre@itgovernance.co.uk.
More information on IT Governance’s pen testing packages available here: www.itgovernance.co.uk/penetration-testing-packages.aspx.
- Ends -
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Desi Aleksandrova
IT Governance
+44 (0) 845 070 1750
email us here
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.