UK cyber security consultancy becomes one of the first to achieve STAR service provider status
Nettitude, the global leader in the delivery of cyber security testing, risk management, compliance and incident response services, has today announced that it is one of the first companies to be accredited to provide STAR (Simulated Targeted Attack and Response) services by the not-for-profit accreditation body, CREST, which represents the technical information security industry.
Working alongside the Bank of England (BoE), UK Government and industry, CREST developed the STAR framework to deliver controlled bespoke, intelligence-led cyber security testing. STAR incorporates advanced penetration testing and threat intelligence services to more accurately replicate cyber security threats to critical assets. Being part of the STAR scheme is also a prerequisite for membership of the BoE CBEST scheme that was announced earlier in the year and aims to provide assurance to the most critical parts of the UK’s financial services industry.
“Existing penetration testing services in the financial services sector do not address the more sophisticated cyber attacks on critical systems,” explained Ian Glover, president of CREST. “STAR is threat intelligence based and has been developed to replicate the behaviours of those serious threat actors that pose a genuine threat to the UK financial services sector.”
Having now been fully and successfully assessed against CREST criteria to supply STAR services, Nettitude can now offer the very highest level of simulated cyber attack services to its clients. As one of just four companies in the country that can currently offer security services at this level, Nettitude is fully committed to giving its customers the most rigorous and thorough understanding of any risks that their networks are exposed to and, ultimately, helping them to lock down any avenues of attack before they can be exploited by increasingly advanced and persistent cyber criminals. “Nettitude is extremely proud to part of the first tranche of CREST companies to be formally accredited under the STAR scheme,” said Rowland Johnson, Nettitude’s CEO. “We see the STAR scheme as a benchmark for delivering some of the most sophisticated and robust assurance in the industry today. Through procuring STAR services, organisations will have confidence that their testing programme uses current and up to date threat information to give a highly targeted assessment on their cyber security posture.”
CREST is a not-for-profit accreditation body that represents the technical information security industry. As part of this, CREST provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services. Member companies undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling. CREST qualified individuals have passed challenging professional level examinations that demonstrate their knowledge, skill and competence. Company assessments and individual qualifications are underpinned by a strict and enforceable code of conduct. All examinations and processes have been reviewed and approved by CESG, the Information Security arm of GCHQ. CREST has member companies in a number of countries and a formally established Chapter in Australia For more information, visit: www.crest-approved.org
Nettitude is a cyber security and risk management consultancy that provides businesses and public sector organisations with governance, risk management and compliance services. Counting many of the FTSE 350 among its customers, Nettitude specialises in helping companies and organisations that can least afford to fall victim to a security breach due to the value of the data they hold, or the strict compliance regulations governing their industries. Established in 2003, Nettitude has offices in Warwickshire, UK and New York, USA, from which it serves customers worldwide. It is one of only a handful of companies to hold prestigious accreditations in information security testing including CREST, CESG CHECK and CESG CLAS, as well as the Payment Card Industry Data Security Standard (PCI DSS). Nettitude’s specific services include penetration testing, PCI compliance, web application security testing and cyber incident response. For more information, visit: https://www.nettitude.co.uk/.
To contact Nettitude's editor, please email firstname.lastname@example.org.