The information security company Portcullis Computer Security has been accepted into the CREST Cyber Security Incident Response (CSIR) Scheme. The scheme was established by CREST with CESG, the information security division of GCHQ, and the Centre for the Protection of National Infrastructure (CPNI), to create a set of standards for incident response when dealing with cyber security attacks, whether in the private or public sector.
Portcullis achieved CSIR certification based on its Cyber Threat Analysis and Detection Service (CTADS). The firm says that its service is designed to be intelligence-led, responding to state-sponsored ‘Advanced Persistent Threats’ (APT), criminally motivated attacks, hacktivism, or the more traditional incidents, including insider threat.
Ian Glover, president of CREST, says: “The CSIR scheme brings an added level of integrity and assurance to organisations looking for a security solution, in effect guaranteeing the expertise and competence of CSIR accredited vendors. As such, the accreditation process features stringent standards and is an involved and comprehensive process – not merely box ticking – to ensure that cyber security events are properly handled.”
And Tim Anderson, commercial director, Portcullis Computer Security, says: “This is a significant achievement for Portcullis. Portcullis was awarded this accreditation upon its first application to the scheme and we believe that this clearly demonstrates the validity of our approach and CTADS incident response service. In our approach we balance our technical capabilities with delivering exactly what the client needs, based on working with them to gain a complete understanding of their requirements and internal abilities. We focus on developing the best ways in which to deliver these skills so that the best, most effective solution is implemented.
“Throughout the application process it became clear that CREST placed great emphasis on these values, just as we do. The focus of the scheme is therefore on a high level of control and clear communication with the client, but allowing for significant freedom in the underlying engagement.”
About CSIR
The CSIR accreditation provides a benchmark that enables organisations to evaluate incident response, and gives added assurances that security companies have the skills and expertise to deliver the services.
Portcullis was participating in the CRESTCon and iisp Congress