Node4 has announced that CREST has certified the company as a global CREST penetration testing service provider. This certification affirms Node4’s expertise to conduct penetration testing for its customers, with the company also being Cyber Essentials and ISO27001 certified.
CREST provides an internationally recognised certification for companies providing Penetration testing, cyber incident response, and threat intelligence services. All CREST member companies undergo stringent assessment and rigorous professional-level examinations to demonstrate knowledge, skill and competence, giving customers confidence that the work will be carried out by qualified individuals equipped with the latest knowledge, expertise and competence to tackle vulnerabilities and techniques used by attackers.
“We are extremely proud to receive this certification from CREST,” commented Steve Nice, Chief Security Technologist at Node4.
“Penetration testing is the most critical component for any comprehensive IT security practice. For us, being part of the CREST community is one of the hallmarks that embodies security best practice. It’s reassurance for our customers that we can protect them from even the most sophisticated cyber threats.”
Working alongside the Bank of England (BoE), government and industry, CREST developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests. STAR (Simulated Targeted Attack and Response) incorporates penetration testing and threat intelligence services to accurately replicate threats to critical assets.
The STAR tests use Threat Intelligence to deliver these attack simulations to provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber attack. The STAR scheme is a prerequisite for membership of the BoE CBEST scheme, used to provide assurance to the most critical parts of the UK’s financial services.
For those organisations that have experienced a cyber security incident, or are trying to reduce the likelihood or severity of such an attack, CREST has introduced a scheme based on company assessment and professional qualifications which has been endorsed by GCHQ and CPNI.
The CREST Cyber Security Incident Response scheme focuses on appropriate standards for incident response aligned to demand from all sectors of industry, the wider public sector and academia. Companies included in this scheme have demonstrated that they have effective policies, processes and procedures in place to help organisations plan for, manage and recover from significant cyber security related incidents.
These companies will also have access to professionally qualified staff in intrusion analysis and reverse engineering.
Penetration testing, STAR, SOC and cyber incident response services provided under CREST are also supported by comprehensive codes of conduct for both the company and individual. These codes are used to ensure the quality of the services provided, the integrity of the companies and individuals and adherence to audited policies, processes and procedures. This provides a significant level of protection for any organisation procuring these types of services.
Ian Glover, president of CREST commented,
“Congratulations to Node4 for achieving the certification – it’s not easy to go through the rigorous assessment required to become a CREST member that examines test methodologies, legal and regulatory requirements, data protection standards, logging and auditing, internal and external communications with stakeholders, as well as how test data security is maintained,”
“We are pleased to welcome Node4 as a CREST member and recognise that the company will consistently deliver the highest professional security services standards to its customers while delivering its business and brand objectives.”