SEC Consult Supports Global Standardization And Certification Initiatives


Due to the growing number and variety of cyber threats, the need for companies to constantly improve IT security is higher than ever before.


The demand for expert advice and security testing is constantly rising. At the same time, many providers are entering the market, offering a variety of services and tools and promising absolute security. Absolute security, however, simply does not yet exist in this form. It has become difficult to choose a suitable provider or partner to take care of critical cybersecurity issues.

Certifications based on internationally recognized and prevalent standards are an accepted means of encouraging binding quality features which can be verified by customers and partners.


“It’s really important to us that both market players and customers are able to tell if they are dealing with a provider of information security services and products, who places value on high standards and who is able to back them up with certifications. We, the SEC Consult Group, align ourselves with the international standard ISO 27001 certification and the CREST certification, which is aimed at both companies as well as individual consultants. We consistently invest in the education and training of our staff and encourage them to become certified in accordance with international standards,” says Michael Ganzwohl, CEO SEC Consult Asia Pacific.


Standardized security – what are ISO 27001 and CREST?

The international ISO 27001 standard provides companies with a systematic structured approach to information security and describes the requirements for implementing and operating an information security management system. This standard also encompasses the analysis and handling of the risks to information security.

Long established and required of companies in Asia, though less widespread in Europe, is the CREST certification, which also supports and represents the market for technical information security. It is an internationally recognized accreditation for organizations and a professional certification for individuals who offer services in penetration testing, cyber incident response, threat intelligence and security operations center (SOC). International credibility, access to industry-leading guidelines and standards, and opportunities to exchange and improve expertise are just a few examples of the benefits of a CREST certification.

For this reason, SEC Consult has recently extended its long-existing certification for penetration testing to include incident response in Asia and Europe. The certification will apply both to companies and designated specialists. Consequently, this makes SEC Consult one of only 30 companies worldwide, of which only 5 are in Europe, that have this certification.

Regular security checks are the basis

Penetration testing has established itself as an efficient method of creating a secure IT environment. Pentests with different levels of detail and approaches, such as black-box, gray-box or white-box, are performed according to project size. These approaches differ essentially in the amount of information available to the person who is going to test the application or network. It is important to identify potential entry points and weaknesses from an attacker’s point of view. Only then is it possible to draw up appropriate measures and proposals in order to improve the existing security concept and security level.

However, pentests are only a snapshot of the current state of a system or application. SEC Consult therefore recommends regular check-ups, because minimal changes in a previously verified environment can open new attack vectors.

SEC Defence — Incident response

Prevention is only one side of the coin: if, despite all the caution, an emergency situation arises, it is vital for companies to have experts on their side who are up to dealing with the threat. As a certified incident response and incident handling provider, in the event of a crisis the SEC Defence team is ready to take rapid action either on-site or remotely anywhere in Europe. The Rapid Response Squad (the SEC Defence Blue Team unit) takes the necessary countermeasures together with the respective organization in order to minimize damage and restore regular operations as quickly as possible.

One thing is certain: the next attack is bound to follow.

In emergencies, the SEC Consult experts in our Blue and Red teams are on hand to provide you with global support by performing security checks and simulations and by minimizing possible damage.