G-Cloud Definition of Services Security Penetration Testing




G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence

G-Cloud Services An Overview

Inner Security is a leading CREST registered information security services provider. We are renowned for our excellence in the penetration testing of critical government and large corporate systems. As well as providing the probability and impact of exploitation in reports, Inner Security provides a business impact. Inner Security issues this additional information because vulnerabilities and threats are at different risk levels depending on the business function of our clients.

Penetration testing is at the core of our business. However, this strong technical capability and our experience in risk mitigation have enabled us to offer a broad range of complementary services. These provide great business value to our clients.

Our credibility is demonstrated by our sector accreditations and by our track record in delivering business value to our prestigious blue chip client base. These include both FTSE 100 and FTSE 250 companies. Our clients are from a diverse range of business sectors including government, finance, retail, information technology and telecommunications.

We do not employ a sales force. Our business is built upon our strong reputation within the industry and the development of long term relationships with our clients, based upon mutual trust and respect.

Information Assurance

Inner Security is a CREST registered company and is accredited to work at Impact Level 3.

Tender and Scope Procedures

Inner Security works to a detailed and thorough tender and scoping procedure; the details are found within the document named below (this can be found in the G-Cloud catalogue). The Inner Security Pre-scope Questionnaire and Scoping Template will be issued at the point of tender:

Inner Security Tender and Scope Procedure IS-GC3-08

All reporting will be in accordance with the Inner Security Report Template. This is designed to provide a high level Executive Summary, as well as a detailed technical report. Our reports highlight the Business Impact that vulnerabilities may have on your organisation. A template of this report is available on request.

Pricing

The day rates charged by Inner Security can be found in the table below as well as in the document Inner Security SFIA Rate Card IS-GC3-09:

Our Services

Inner Security will be offering services as part of Lot 4 through the Government's G-Cloud services. Penetration testing helps to safeguard your organisation from malicious intent. The business benefits include:

i) Avoiding cost of network downtime
Recovering from a security breach can be extremely expensive due to IT remediation, reduced employee productivity and lost revenue. Penetration testing identifies and addresses risks before security breaches occur.

ii) Preserve corporate image
A single incident that compromises customer data can be costly. Penetration testing helps to avoid incidents that put your organisation's reputation and goodwill at stake.

iii) Cyber security insurance
Security testing is becoming a pre-requisite in obtaining cyber security insurance.

Network Infrastructure penetration test (Internal/External)
Identifying vulnerabilities such as full administration access gained through the exploitation of running network services.

Application penetration test (Internal/External)
Testing, for example, that administration access cannot be achieved through by-passing authentication procedures.

Internet exposure penetration test (Information Disclosure)
Testing for sensitive company information that may be available on the internet.

Social engineering assessment
Testing employees' susceptibility to the disclosure of sensitive company information.

Physical security assessment
Testing the robustness of the access mechanisms that protect company assets.

Wireless Penetration Test
Attempt to gain access to your wired network through rogue access points in the wireless network.

VOIP Penetration Test
This will identify any routes from your VOIP network into the main IT network (this can allow external access into your IT infrastructure).

On-host and infrastructure security test mapped to security policies
This test is designed to reveal missing patches, blank passwords and other vulnerable areas of security settings. It also examines the implementation of the company security policy at the technical level.

VPN (virtual private network) assessment
Testing for flaws in authentication mechanisms and the configuration state to ensure that network boundaries are not compromised by the external VPN.

Code review
This review tests for 'back doors' into your system. For example, we check for buffer overflows and developer hooks that could lead to systems being compromised.

Firewall assessment, technical and physical audit review
Testing your firewall's effectiveness and ensuring that it meets the standards set by security policies. This can prevent dangerous services traversing the firewall from the internet.

Mobile device assessment (including Bring Your Own Mobile)
Testing mobile devices for assurance of data security, ensuring that sensitive data is properly encrypted. This protects you against data compromise in the event of loss or theft of the device.

Denial of service assessment
This assesses the resilience of your network to attack from external sources, for example a DDoS attack. This type of attack can render your services unable to operate effectively.

Training

All Inner Security consultants are qualified to industry standards and are responsible for updating their professional development within their specialist areas. They follow the Inner Security Methodology (accredited by CREST) and adhere to the requirements laid down by the company. In addition, Team Meetings and debriefs are designed to disseminate and update colleagues about new initiatives and developments. Where specified within the Inner Security Scoping Document, consultants will undertake to ensure that training requirements are met. The efficacy of the training provided can be evaluated via the Inner Security Client Feedback Questionnaire.

Ordering and Invoicing

Following a successful tender, scope and quotation, Inner Security will commence work in line with the agreed Scope of Work on receipt of a Purchase Order. Invoices will be issued and payment is required within 30 working days. Further clarification of these terms can be found in the document: Inner Security Terms of Business IS-GC3-07

Termination of Contracts

Please refer to the document: Inner Security Terms of Business IS-GC3-07

Client Responsibilities

Please refer to the document: Inner Security Terms of Business IS-GC3-07

Service Levels

Service levels and availability are highlighted on our rate card. In the unlikely event that Inner Security does not meet the required standard of service, this is covered in our Terms of Business.

The following services are not provided by Inner Security in respect of G-Cloud Services:

Data restoration / service migration.
Trial Services.
Back-up and Restore.

----End of Document----