Alan Stewart, ICT Consultant

Penetration Test Overview

A lot of companies are confused about Penetration testing.  Precept Senior ICT Consultant sets out below, what all the fuss is about.

In few words our penetration testing will ensure that your IT systems and information, whether complex or not, are more secure.

We have delivered IT Health Checks/Penetration Tests on a regular basis to many organisations including Central Government, Local Authorities, NHS, Fire and Rescue Services, Airports, Charities, Banks and Corporates, enabling them to satisfy their IT Security compliance requirements, whether it be for PSN Code of Connection, PCI DSS or ISO 27001.

We do offer different types of testing in order to cover business needs of any size and type:

External – The purpose of this Test is to ensure that your Company’s IT systems are secure from any internet based attack

Our investigations for the above test could include any of the following: external network testing, remote access review, website testing, web application testing, mobile application testing or source code review.

Internal – Performed on the servers that form your internal network. The assessment reveals any potential issues that may allow a server to be compromised by a user already on the internal network.

Our investigations for the above test could include any of the following: Internal infrastructure testing, desktops/laptops or workstations review, servers review, wireless vulnerability assessment, VOIP or Mobile Device testing

360Social Engineering – Environment and people vulnerabilities can be a larger threat than network and IT vulnerabilities.  Social Engineering test will identify any vulnerabilities in the areas targeted: Remote Social Engineering, Perimeter & Internal Security Review, Physical Building Access or Obtain access to a work position and or the server room.

Initially, prospective clients receive a full proposal with a scope of work, testing strategy, methodology and cost quotation. This is designed in a modular fashion so that an organisation can tailor it to their specific needs, objectives and budget. Our methodology is based on ISEC OSSTMM and CESG CHECK standards. The testing will be carried out to ensure `Security Best Practice’ is in place and to reduce the risk of an attack which could cause reputational damage.

Benefits of using Precept IT as a Penetration Testing provider:

  • Ensure ‘Security Best Practice’ is in place in your business
  • Agreement between customer and tester outlining the authorised scope to test
  • On-going support – your dedicated Account Manager and Tester available to you before, during and after testing
  • Quick reporting time – receive report within just 3 days
  • In-depth report including a Management Overview, Technical Overview and full post-testing remediation solutions – suitable for each department in your company (IT, Management, Administration)

Our report – findings will be represented in three sections:

  • Management Overview – plain English description of discovered vulnerability and the potential business impact with an easy to understand table showing vulnerabilities.
  • Technical Overview – section for technical managers which aims to assist in the prioritisation of patching and resolving any issues found.
  • Full Technical – this section of the report is intended for technical personnel and will include full details of all vulnerabilities found, how they were exploited and a route map with detail fixes for remediation where appropriate.

To speak to Alan Stewart about Penetration Tests for your organisation call our office on 0800 122 3010 or email info@preceptit.com