Security Testing

 

Tailored scoping with your
security concerns in mind

 

Reporting on security
issues important to you

 

Reports include management
and technical sections

 

Debrief sessions so that
you can understand the risks

The Security Bureau offer a range of security testing services to identify the vulnerabilities present in your IT systems. You will gain a more comprehensive understanding of the risks to your organisation when you combine the different types of security testing and integrate them with our consulting services.

Scoping

This is one of the most important stages in the process. The Security Bureau will propose an approach that meets your objectives and provides you with the assurance that you need. If you’ve never had a security test before we’ll guide you through the process, informed by our experience of companies in your industry sector.

The Testing

The thought of penetration testing taking place on your systems can seem unnerving. The Security Bureau involves you at every step keeping you informed of what we’re doing and how we’re doing it. We understand that you won’t want us to do anything that could harm your systems. If there is value in carrying out a specific test that has potential to impact your business, we can review this with you, and can carry out testing outside of your peak trading period (overnight or at the weekend).

What You Get

You’ll receive a report that is easy to read and understand. The Security Bureau writes security testing reports with different readers in mind.

For Technical People…
For those that need to remediate, each security issue identified has a description of the issue along with the evidence and a demonstration of how it was detected. Technical guidance or advice will be given on how to resolve each issue. We rank security vulnerabilities from high risk to low risk using an industry scoring system (CVSS) so that you know what to fix first to get the biggest impact and quick wins.

For Management…
A high level management summary is included to provide an overview of the risks for non-technical staff. It describes your main security concerns and your drivers for security testing and the outcomes of these. We will also suggest short, mid and long term security strategies to meet your security goals.

We are always happy to discuss the report or testing in further detail in a face to face meeting or a conference call, and can prepare presentations to explain findings to suit the interests and technical level of the audience.

We are a CREST accredited organisation and our penetration testing services are performed to a high standard. As part of our ongoing professional training we are constantly learning about new threats. As we familiarise ourselves with your systems and infrastructure we will be able to keep track of any security developments that are particularly relevant to you, and inform you of these.