IT security and compliance company, RandomStorm, has announced that it is among the first companies to achieve CREST accreditation for penetration testing and Cyber Essentials.
Part of the UK Government’s National Cyber Security Strategy, the Cyber Essentials Scheme aims to help SMEs to reduce the risk of cyber crime by offering accredited third-party organisations to assess and advise them on their information security measures.
CREST is a not-for-profit organisation that is approved by the UK government to test and certify that information security companies are able to provide Cyber Essentials services.
The CREST scheme is designed to provide consumers with confidence that the businesses that they deal with have the necessary defences in place to protect their information against the most common cyber threats. The test criteria cover information security best practices contained within the ISO 27001 standard and the Standard for Information Assurance for Small and Medium Sized Enterprises relating to the security of web services, internet connected devices, email and application servers. Organisations that have passed the assessment can display the Cyber Essentials badge to let their customers know that they have actively engaged in mitigating the cyber risk to their business and their customers’ information.
CESG, the Information Security branch of GCHQ, worked with CREST to develop the assessment framework. Commenting on the launch of the Cyber Essentials scheme in June 2014, Ian Glover, president of CREST said, “Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security. By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks.”
RandomStorm provides vulnerability scanning and intrusion detection products and penetration testing services to help companies to improve and continually maintain their security posture. The company is a CESG CHECK security consultancy and certified as a Qualified Security Assessor (QSA) and ASV by the Payment Card Industry Security Standards Council.
Commenting on RandomStorm’s CREST certification, Andrew Mason, co-founder and Technical Director of RandomStorm said, “As an existing provider of penetration testing services for PCI DSS, with a particular expertise in web application security, social engineering pen testing, wireless and network security, it is a natural extension for us to provide CREST assessment to help businesses to improve their defences against hacking and cyber crime.”