Penetration Testing
Organisations investing substantial sums in IT systems are rightly concerned to ensure that the security protecting those systems meets the highest standard achievable at the time. The irony is that these same organisations so often overlook a further critical point: applying equivalent standards to verification of the security’s continuing effectiveness.
Penetration Testing, a series of active tests designed to reveal any shortcomings in security, must be carried out by independent, competent personnel if it is to do its job thoroughly. In-house teams, however accomplished, tend naturally to absorb the culture of an organisation: an asset in developing customised systems, but a serious drawback when it comes to adopting the hostile mindset of an intruder. Automated packages are available, and are in widespread use by less specialist IT firms: the problem with these is that there is an infinite variety of permutations created by differences in operating platforms and configurations, which means that no ready-made solution can possibly cover all the angles.
CCC’s reviews, in addition to conforming to the required standards of detail and accuracy, are concise, user-friendly and come complete with an at-a-glance management summary. We pride ourselves on submitting recommendations that are intelligible, cost-effective and practical to implement.