This service requires access to your internal network and systems in order to simulate someone who has gained access from the internet or an insider threat from an employee.  The service will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data. The service will identify weaknesses, but not exploit them. It should be noted that although the interaction with your systems is kept to a minimum, there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments. That is why all internal vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk.

 

Service reporting will describe in plain language, what each weakness means to your business and the risks associated with each.  Service reporting will include plans and guidance on how to fix those weaknesses.

 

We are able to recommend our IASME trusted partners network to provide additional services such as a full penetration test. If after this you need further support, we are able to recommend you to our network of trusted partners. These trusted partners have been subject to due diligence checks by IASME, the accreditation body appointed by the National Cyber Security Centre to oversee the Cyber Essentials/Cyber Essentials Plus schemes. As such, they have a sound understanding of the most common cyber technical controls.