Pen Testing is Broken & Companies Are Being Failed by Once-a-Year Reporting

CNS Group's Information Assurance Division Announces Next-Generation Pen Testing
By: CNS Group

For these organisations, the traditional, once-a-year pen-test is most problematic. CNS believes unwieldy spreadsheets and a lack of communication between the business and IT are leaving organisations with exposed business-critical information, while resource is spent on ineffectual fixes. In short, the traditional pen-testing model is no longer effective, particularly in handling the complexities of larger organisations’

“Penetration testing is broken and needs reinventing”

CNS will include business criteria in its Next Gen Pen Testing. For example, data loss may be more important to an organisation than a denial of service attack, or the IP addresses in HQ may be more critical than those in a branch office. With this knowledge from the business, the cyber security team can assign appropriate risk scores and ensure the business-critical issues get fixed first.

Tim Collinson, Information Security Manager at legal firm Bird & Bird, explains, “For us the value of next-generation pen testing is in the management of risk. We can combine business input with the technical experience of the pen testers, by attributing risk scores to any issues. This means we can weight and prioritise the outcomes, pulling things up the list if needs be. Secondly, the job of resolving these issues can be assigned and tracked automatically, with fixes being retested by CNS Hut3 once they’re complete. It takes the legwork out of manually tracking resolutions, making it easier to monitor progress”.

CNS Group’s Next Gen Pen Testing will relieve Chief Information Security Officers of the annual stress test and offer ongoing risk management. It will:

- Create joint priorities with business and IT.
- Carry out a full, manual penetration test to establish a base line.
- Present pen test results via an online client portal, so that risk can be viewed across the whole organisation. This will include a proprietary, interactive, analytics dashboard displaying key trends and statistics.
- Create risk scores, the CNS Valuable Impact Score, and give issues a business context.
- Assign issues and monitor progress, including drilling down into technical detail.
- Include the ability to upgrade risk.
- Provide continual retesting and updates on changes.

CNS believes Next Gen Pen Testing is necessary to give context, not only keeping pen test findings relevant and fresh but making them easily actionable. In addition, Next Gen Pen Testing makes it possible to attribute resources for issue remediation sensibly and ultimately makes the data presented in penetration testing reports manageable.

As Edd Hardy concludes, “our Next Gen Pen Testing is like our old pen testing, but better”.

------------

About CNS Group

CNS is a specialist cyber security consultancy, specialising in information assurance and InfoSec services. Established in London in 1999, CNS Group’s customers today range from FTSE 100 and larger public sector organisations to SMEs. CNS’s clients are united by the importance of digital information to their businesses and by their need for pragmatic, knowledgeable help in securing their systems and data, as well as meeting their compliance remits.

CNS Group is an ISO27001 accredited organisation whose staff are ISO27001 Lead Auditors, Payment Card Industry Qualified Security Assessors (QSA), CESG CHECK & CLAS, and it is accredited with all relevant industry and governmental bodies. CNS Group provides IL2, IL3 & IL4 (OFFICIAL SENSITIVE) managed security operating centre (SOC) solutions and services.

For more information please see www.cnsgroup.co.uk.