05 May 2009
Many organisations now use internet-connected systems to interact with their members or customers. Whilst this brings considerable benefits, it can also introduce significant security risks. Hardly a week seems to go by without news of yet another security breach at some high-profile organisation.
Internet-facing systems must be treated as high risk by IT departments, and special consideration should therefore be given to how they are managed from a security perspective. Hackers spend considerable time scanning the Internet for vulnerable systems and, once they have discovered one, can compromise it in a matter of minutes. This could result in financial loss, non-compliance or bad PR for an organisation.
Security testing
A common way of checking Internet-exposed systems for security vulnerabilities is to conduct a special kind of security audit called a penetration test. This type of test should be carried out regularly by a specialist company accredited to either the CHECK or CREST scheme (both schemes require that the testing companies maintain strict ethical standards, use certified individuals and are externally vetted).
A typical engagement would define which systems are tested, how they are tested (for example, whether automated testing tools are used and whether or not the testing would affect system availability) and how the results would be presented back to the client. The outcome of the test would either provide reassurance that the systems are secure or set out the work necessary to mitigate the identified risks.
For further advice or information, please contact Simon Bulleyment, Director of haysmacintyre IT Consultants Ltd.
Simon Bulleyment
director, HMITC | 020 7969 5675
sbulleyment@haysmacintyre.com