IBM Penetration Testing Services




IBM Penetration Testing Services - Service Definition

1. Summary

1.1 Service Description

IBM offers a comprehensive set of Security Assessment and Penetration Testing services, providing services for organisations aligned with multiple market sectors and of various sizes. All IBM Security Services engagements are aligned to an agreed scope which defines the specific (and measurable) outcomes for all activities conducted within the assessment.

As security threats evolve and new technologies emerge, data privacy and security must keep pace; failure to protect critical assets can result in financial costs and damage to an organisation and its reputation.

The role of security assessment (which includes penetration testing) is to provide an empirical assessment of security controls implemented within the target system. Importantly, this allows developers, administrators and risk owners to develop an evidence-led view of security, based on the output provided by a technical security assessment.

Our Penetration Testing services use highly experienced and qualified staff, registered with established and respected industry bodies (such as the TigerScheme and EC Council). At IBM, we offer a comprehensive penetration testing package that begins with controlled exercises to simulate covert and hostile attacks; it ends with specific guidance and recommendations for reducing risk and increasing compliance.

Our service can provide:

- Network Discovery and Reconnaissance for extensive inspection of connected hosts and services;
- Perimeter and Internal Vulnerability Assessment for controlled exploitation of key vulnerabilities;
- Exploitation and Pivoting attempting to further penetrate the network and breach valuable or confidential data;
- Analysis and Remediation for detailed reports on findings and actionable recommendations;
- Research and Insight for on-demand access to global threat analysis service, including X-Force reports.

1.2 Service Characteristics

Lot: IBM G-Cloud Penetration Testing Services
Applicability: Any organisation that wishes to take measures to secure its business or client data against loss in the event of system outage or theft.
Contract Duration: Flexible, to be agreed in the Call-Off Order.
Contract Price: Variable, based on time and materials depending on agreeing, with the Contracting Authority, the resources required for the Call-Off Order, based on the IBM SFIA rate table. The price will be subject to VAT and out of pocket expenses incurred outside the M25.
Lead time to start: 2 weeks
Related Lot(s) / Offering(s):
- IBM Hosted Vulnerability Management (VMS)
- Cloud Security Assessment
- Risk Assessment & Accreditation
- Information Assurance Service

1.3 Why IBM

IBM is a well-established, highly experienced Technology company with a strong practice of experienced information security professionals. Security represents one of IBM's Top 5 Strategic Initiatives established by and with the commitment of our Chairman and CEO Ginni Rometty, our Board of Directors and our Senior Executive team. This commitment ensures priority access to capital.

Our mission is to serve as the trusted security advisor to corporations, institutions and governments around the world and offer our clients the most complete portfolio of end-to-end security capabilities available in the industry. To do this, IBM has invested billions of dollars to date in order to: acquire some of the most sought-after security assets in the industry, build the most advanced network of global security operations centers, enhance our footprint of global research and development centers to innovate new security solutions, expand our global talent, and, most importantly, to create an integrated security intelligence network using next generation analytics.

An important aspect of the IBM approach is integration with the client; in this way we seek to understand the context of our client's needs and to place them at the centre of our work. Our ability to deliver truly end-to-end solutions means we operate at all levels across an organisation, placing our focus on identifying and solving the complex and evolving security challenges of our clients. In parallel with the work we undertake with our clients, IBM invests heavily in the defence and protection of its own assets; we use the experience and empirical learning this brings to provide effective solutions for others in addressing the constantly changing landscape of information security threats and risks.

Key aspects of IBM's security capabilities are:

- Dedicated penetration testers, certified to Industry standards including the TigerScheme and EC Council Certified Ethical Hacker (CEH);
- As a List X organisation IBM has a full time List-X Security Controller with access to the full Security Policy Framework. We work closely with Security Authorities to implement physical and personnel security as well as information security. As a result of this our CLAS consultants are able to advise on vetting and physical security matters, undertaking a Security Assessment for Protectively Marked Assets (SAPMA) where appropriate;
- Our approach to documenting and delivering information security controls, processes and procedures consistently is in accord with ISO27001/2. We have extended this with technical standards for implementation and configuration of security functions, based on our extensive experience of deploying solutions in high assurance environments. This approach, together with other applicable industry standards, including ISO/IEC27003, ISO/IEC 27005, SAS70, COBIT and ITIL, provides a unique integrated management system that fully meets specific security requirements;
- IBM has provided Assurance for a number of significant clients, including various levels of Government, so our consultants draw on a wealth of experience and are skilled at providing a custom-designed service.

1.4 Contact

Contact Name: Brian McGlone
Title: IBM UK Cloud Alliances Executive
Address: PO Box 41, North Harbour, Portsmouth, Hants, PO6 3AU
Contact Email: brian.mcglone@uk.ibm.com
Contact Phone: 07764290413

2. Delivery

2.1 Context

In an age where information is abundant and widely dispersed, growing cyber security threats underline the necessity for organisations to implement measures that protect their sensitive data. The IBM service discussed herein focuses on building assurance of the technical controls an organisation implements to counter these threats.

2.2 What we will deliver

IBM works closely with organizations to fully understand the context of the system under review; this is based on a set of comprehensive assessment activities that include all aspects of the solution architecture including technical measures, people and processes. This analysis seeks to determine the most appropriate information security controls, preventative controls and assurance activities for the system under test.

IBM operates a single, consistent Security Assessment methodology for all cloud security engagements; this is based on three fundamental phases:

1. Discovery;
2. Vulnerability Assessment; and
3. Penetration Testing.

These phases are interlocked, such that each informs and guides the next, allowing for escalation and progression through the target system.

Some of the aspects that we offer as part of our solutions are listed below:

- Network Discovery and reconnaissance
- Perimeter and internal probing
- Remote exploitation
- Analysis and remediation
- Research & insight

In parallel with the security assessment activities, IBM Security Services hosts a range of information security professionals that span the strata of information security specialisms. The penetration testing services discussed herein can be blended with other Information Assurance services, providing an effective end-to-end service and Consulting model including wider services such as:

- Risk Management and Accreditation as a Service;
- Information Assurance as a Service;
- Security in the Software Development Lifecycle (SSDLC).

IBM places significant emphasis on the definition of Information Security controls that are practical, achievable and measurable in their effect. This includes forming a strategic view of the types of controls that will be required in the long-term, particularly when considering advanced and complex threats that evolve over time.

2.3 Commercials

This will be a Time and Materials contract. However, following the first phase of work, there could be the opportunity to discuss converting the initial quote into either a Fixed Price or Risk/Reward based contract in order to provide increased flexibility for your organisation.

Initial work will be carried out under the Strategy and Architecture category of the IBM SFIA rate table unless agreed otherwise. Follow on work will be under the appropriate category(ies) of the IBM SFIA rate table. The scope of work will be set out in the Call Off Order Form and agreed by both parties.

Follow on services to enable you to complete implementation of cloud services can be provided by IBM. Details should be agreed via the Call-Off Order and priced using the IBM SFIA rate card.

2.4 Key Points

Other key points to note are as follows:

- This offering is subject to availability of IBM resources.
- The Charges for this Service are on the basis that no Parent Company Guarantee is required. If one is required and agreed to by IBM then the Charges will be revised accordingly.
- For Fixed Price offerings, Travel and Subsistence (T&S) costs are included for work within the M25. For work outside the M25, T&S will be payable using the Contracting Body's standard T&S rates.
- The pricing and terms on individual call-off orders should be handled as commercially sensitive by the Contracting Body.
- Security standards will be agreed between IBM and the Contracting Body, and if necessary IBM will ask the Contracting Body to issue a Security Aspects letter as well as a scope document, including a Computer Misuse waiver, which should be signed.
- The work is subject to IBM's Terms of Business, which are attached separately to this catalogue item.