Pen Testing is Broken & Companies Are Being Failed by Once-a-Year Reporting

CNS Group's Information Assurance Division Announces Next-Generation Pen Testing
By: CNS Group
 
Feb. 25, 2015 - PRLog -- London, 25 February 2015. Cyber security consultancy CNS Group (http://www.cnsgroup.co.uk/) has launched next-generation pen-testing to bring actionable risk remediation back to penetration testing. The information assurance division of CNS Group, CNS Hut3, is aiming this new service at large businesses with multiple IP addresses and offices.

For these organisations, the traditional, once-a-year pen-test is most problematic. CNS believes unwieldy spreadsheets and a lack of communication between the business and IT are leaving organisations with exposed business-critical information, while resource is spent on ineffectual fixes. In short, the traditional pen-testing model is no longer effective, particularly in handling the complexities of larger organisations’ operations.

“Penetration testing is broken and needs reinventing”, says Edd Hardy, head of CNS Hut3, the information assurance division of CNS Group. “Too often security fixes are irrelevant or never get done. A year rolls round, the pen testers discover the same old problems and the board wonders what it’s spent all that budget on, because the situation hasn’t improved. The problem is that risk ratings have tended to treat all issues as the same. In addition, CISOs often have no way of assessing the varying levels of effort involved in different fixes, and then no way of demonstrating improvement”.

CNS will include business criteria in its Next Gen Pen Testing. For example, data loss may be more important to an organisation than a denial of service attack, or the IP addresses in HQ may be more critical than those in a branch office. With this knowledge from the business, the cyber security team can assign appropriate risk scores and ensure the business-critical issues get fixed first.

Tim Collinson, Information Security Manager at legal firm Bird & Bird, explains, “For us the value of next-generation pen testing is in the management of risk. We can combine business input with the technical experience of the pen testers, by attributing risk scores to any issues. This means we can weight and prioritise the outcomes, pulling things up the list if needs be. Secondly, the job of resolving these issues can be assigned and tracked automatically, with fixes being retested by CNS Hut3 once they’re complete. It takes the legwork out of manually tracking resolutions, making it easier to monitor progress”.

CNS Group’s Next Gen Pen Testing will relieve Chief Information Security Officers of the annual stress test and offer ongoing risk management. It will:

Create joint priorities with business and IT.

Carry out a full, manual penetration test to establish a baseline.

Present pen test results via an online client portal, so that risk can be viewed across the whole organisation. This will include a proprietary, interactive, analytics dashboard displaying key trends and statistics.

Create risk scores, the CNS Valuable Impact Score, and give issues a business context.

Assign issues and monitor progress, including drilling down into technical detail.

Include the ability to upgrade risk.

Provide continual retesting and updates on changes.

CNS believes Next Gen Pen Testing is necessary to give pen test findings context, not only keeping them relevant and fresh but also making them easily actionable. In addition, Next Gen Pen Testing makes it possible to attribute resources for issue remediation sensibly and ultimately makes the data presented in penetration testing reports manageable. As Edd Hardy concludes, “our Next Gen Pen Testing is like our old pen testing, but better”.

------------

About CNS Group

CNS is a specialist cyber security consultancy, specialising in information assurance and InfoSec services. Established in London in 1999, CNS Group’s customers today range from FTSE 100 and larger public sector organisations to SMEs. CNS’s clients are united by the importance of digital information to their businesses and by their need for pragmatic, knowledgeable help in securing their systems and data, as well as meeting their compliance remits. CNS Group is an ISO27001 accredited organisation and are ISO27001 Lead Auditors, Payment Card Industry Qualified Security Assessors (QSA), CESG CHECK & CLAS and are accredited with all relevant industry and governmental bodies. CNS Group provides IL2, IL3 & IL4 (OFFICIAL SENSITIVE) managed security operating centre (SOC) solutions and services.

For more information please see www.cnsgroup.co.uk.

Contact
PR Savvy
***@prsavvy.co.uk
End
Source: CNS Group
Tags: Pen Test, Information Assurance, Cyber Security, Risk Management, Remediation
Industry: Security, Technology
Location: London, Greater - England