The Council for Registered Ethical Security Testers (CREST) has awarded accreditation to the team for penetration testing – a key element of any cyber security strategy and technical risk management.
For ease of accessibility, the video above is detailed in the article below.
What is CREST?
An international membership body supported by the UK government, CREST is tasked with upholding the quality, ethics and professionalism of cyber security providers, and membership demonstrates that organisations are competent, reputable and following industry best practice to deliver world class services.
Membership is renewed annually by re-signing the code of conduct and submitting documentation to demonstrate that all standards have been maintained, if not exceeded.
What is penetration testing?
An exercise undertaken by a cyber security specialist or ethical hacker, known as a penetration tester, which aims to give an organisation assurance that the technical controls it has in place are adequate to prevent a cyberattack or breach.
The tester will use a combination of specialist techniques and verified tools to gain access to a network or application, with the goal of finding out just how far they can get and what they can access.
By replicating the actions of an attacker in a safe and controlled manner, the penetration tester can demonstrate each step they took and show an organisation just how they were able to circumvent the current controls, then make recommendations for what should be put in place to prevent a real-life attacker impacting their business.
This goes above and beyond a vulnerability assessment highlighting theoretical risks, instead providing real world context and impact of technical threats, as well as giving organisations a ‘live fire’ exercise to effectively evaluate their defences against known attack techniques.
How did you become CREST accredited in penetration testing?
Any organisation wanting to become accredited must demonstrate that they are competent, qualified and have a methodology that encompasses the strict quality requirements of what should be involved in a CREST penetration test.
We needed to submit quality of service references from clients and our formal methodology to be rigorously vetted. When CREST was satisfied that we met the strict requirements of being a CREST certified organisation, we were able to display the badge of honour on our website, demonstrating our skills and credibility in the service offering.
What does that mean for Waterstons?
Head of Cyber Assurance, Craig Archdeacon explains: “The badge shows the world that we are among the best and meet the high-quality standards that CREST expects of all certified members.
“Our clients demand the best, especially when it comes to penetration testing and cyber security, and we’re now proven to be just that, not only in skill but also in service.
“Penetration testing is a really important part of any cyber strategy as it demonstrates how far your systems and organisation can be compromised by hackers – the first step in knowing what you need for an effective resilience activity.
“This award comes after our Cyber Security Operations Centre (SOC) received CREST certification in May 2021, and has been delivering 24 hour CREST quality assured support and security operations services to clients ever since.”