IT security and compliance company, RandomStorm, is among the first companies to achieve CREST accreditation
CREST is a not for profit organisation, approved by the UK government to test and certify that information security companies are able to provide Cyber Essentials services. The CREST scheme is designed to provide consumers with confidence that the businesses that they deal with have the necessary defences in place to protect their information against the most common cyber threats. The test criteria cover information security best practices contained with the ISO 27001 standard and the Standard for Information Assurance for Small and Medium Sized Enterprises relating to the security of web services, internet connected devices, email and application servers. Organisations that have passed the assessment can display the Cyber Essentials badge to let their customers know that they have actively engaged in mitigating the cyber risk to their business and their customers’ information.
CESG, the Information Security branch of GCHQ, worked with CREST to develop the assessment framework. Commenting on the launch of the Cyber Essentials scheme in June, Ian Glover, president of CREST said: “Not all organisations have the resources available to invest in the most rigorous levels of information security and compliance. Cyber Essentials addresses this by creating a baseline for UK cyber security. By assembling and working with a forum of industry and technical experts, CREST has built an assessment framework optimised for the Cyber Essentials Scheme that will ensure organisations of all sizes and from all sectors can be properly and independently assessed to have the key technical controls in place to manage cyber risks.”
RandomStorm provides vulnerability scanning and intrusion detection products and penetration testing services to help companies to improve and continually maintain their security posture. The company is a CESG CHECK
Andrew Mason, co-founder and Technical Director of RandomStorm said: “As an existing provider of penetration testing services for PCI DSS, with a particular expertise in web application security, social engineering pen testing, wireless and network security, it is an natural extension for us to provide CREST assessment to help all businesses to improve their defences against hacking and cyber crime.”
For the CREST approved member companies visit – http://www.crest-approved.org/crest-member-companies/member-companies/index.html
