<h1>AgilityIS: Securing your future</h1>
<h2>Join us for Infosecurity Week</h2>
Published 2017-06-02, updated 2019-02-07<br />
<br />
Infosecurity Week is a seven-day, city-wide event bringing together Infosecurity professionals to learn, share and have fun in and around London.<br />
<br />
Coinciding with Infosecurity Europe and Bsides London, Infosecurity Week is the definitive calendar of all things InfoSec running 5-11 June 2017.<br />
<br />
Check out what’s on during this busy week and attend anything from specialist conferences, training courses, networking events, vendor parties, awards ceremonies and much more.<br />
<br />
Although many of the events are within walking distance of Kensington Olympia, some are a little further away in Knightsbridge and Soho.<br />
<br />
During the days on Tuesday - Thursday you will find us on stand Q140 at <a href="http://www.infosecurityeurope.com/" target="_blank">Infosecurity Europe</a>, and also at <a href="https://www.securitybsides.org.uk/" target="_blank">BSides London</a> on Wednesday.<br />
<br />
In the evenings we will be at the Crown & Sceptre on Holland Road from 7pm on Monday, the Buddha-Bar on Knightsbridge from 7:30pm Tuesday, The Atlas on Seagrave Road from 8pm Wednesday and the Beaconsfield on Blythe Road at 6:30pm Thursday. Join us and relax for an hour or two over a beer.<br />
<br />
We are supporting several <a href="http://www.whitehatrally.org/" target="_blank">White Hat Rally</a> charity fundraising events during the week in support of Barnardo's. Sign up to their newsletter for more details.<br />
<br />
There’s a whole host of reasons to make your way to London next week!<br />
Location: Hammersmith Rd, London W14 8UX, UK<br />
<br />
<h2>SWIFT Premium Services Forum Europe 2016</h2>
Published 2016-11-14, updated 2016-11-24<br />
<br />
Next week in Berlin we will be attending SWIFT's PSF EMEA forum to lead delegates in a panel discussion on developing a secure culture within a business.<div>
<br /></div>
<div>
Open exclusively to subscribers to SWIFT’s Premium suite of services, this exclusive event is an unrivalled opportunity for networking with peers, discussing challenges and exchanging experiences to continue to enhance operational excellence.<br /><br />The theme for this year’s event is <b>Operations – Collaboration – Excellence</b>, exploring through innovative and highly interactive sessions how far collaborative solutions have developed during the last year and identifying new opportunities for working together to address the issues we all face.<br />
<h3>
Building a culture of security</h3>
<div>
<br /></div>
The need to make Security part of the corporate DNA by building a culture of security in all areas of an organisation has never been more critical.</div>
<div>
<br />Whether staff are involved in reinforcing the protection of critical infrastructures and applications against evolving threats, or in meeting more demanding auditing and regulatory requirements, awareness of the important part they play is key in effective defence.<br /><br />In this plenary session, we will explore how to foster a sense of ownership so that everyone involved in managing critical environments is ready to embrace their critical role.</div>
<h2>Cyber Crime – managing risk in an interconnected world</h2>
Published 2016-11-09, updated 2016-11-23<br />
<br />
Next week we are at the Turnaround Management Association (TMA) UK annual conference. Presenting on the risks and disruption that today's cyber criminals create, we will bring this topic to life with real-life examples that will amaze you.<br />
<br />
Disruption is changing our lives. It touches every industry, clients and customers, but the opportunities for true business leaders and criminals are immense.<br />
<br />
Managing Disruption is the theme for the 2016 conference. Sign up as a delegate and join us at the magnificent lecture theatre of the British Library.<br />
<br />
<h2>A hard perimeter defence alone isn't enough</h2>
Published 2016-03-26, updated 2016-03-26<br />
<br />
With the rapid adoption of blended on- and off-premise technology solutions, the traditional security perimeter is fast paling into insignificance. Information increasingly resides beyond the corporate boundary as data moves to mobile devices, cloud services, and other locations outside of the organisation’s network. Users are becoming more mobile and business stakeholders are increasingly specifying the shrink-wrapped solutions they wish to consume.<br />
<br />
These demands increasingly blur the corporate boundary and make management more complex, presenting an ever-increasing challenge for those trying to maintain security of the organisation’s information assets. More than ever, these factors mean that the security approach now needs to be agile, layered, and responsive to users, but let's not forget that the internal threat remains.<br />
<br />
Maintaining visibility of where data resides, how it is accessed and where it is used is key to any security strategy. In the past this was very straightforward as all data remained within an organisation on its network, PCs and servers. Even the traffic to the Internet passed through narrow choke points, but no more. Achieving the required visibility is much more complex today.<br />
<br />
It’s impossible to adequately secure information without understanding where it rests, who has access to it, and how it is transmitted. While some visibility of data movements still exists within the corporate network, it isn’t complete. Unmanaged devices, particularly those not connecting via the corporate network, may access cloud services directly and as such data movements are largely invisible. <br />
<div>
<br /></div>
<div>
While cyber threats are without doubt an important consideration, we should not forget the internal threat. A robust perimeter may be a good first line of defence, but it does little to protect against those with legitimate physical and logical access within that perimeter. Multiple levels of defence, comprehensive monitoring, alerting and timely investigation and response are now essential components necessary to complement risk and vulnerability assessments.</div>
<div>
<br /></div>
<div>
AgilityIS can work with you, advising on current good practice, to ensure that appropriate security is implemented in a cost effective and pragmatic manner.</div>
<h2>Layered context aware security monitoring is a necessity</h2>
Published 2016-03-07, updated 2016-03-26<br />
<br />
A successful security management system must be layered, as well as agile. To provide robust security, a combination of preventative and detective controls must be applied to the network, hosts and devices, applications, services and transports as well as to the data itself, creating defence in depth.<br />
<br />
Correlating events from multiple sources, both logical and physical, using a security information and event management solution (SIEM) allows anomalies to be identified. The SIEM should be context aware, able to understand normal behaviour patterns including time, location, device, connection method, application and information requested.<br />
<br />
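The context-aware correlation described above, as an added example (not AgilityIS code and not any SIEM product's API): it learns each user's normal time band, location, device, connection method and application from past events, then flags events that deviate from that baseline or that conflict with a physical badge record. The event fields, badge-log format, user and device names, and the alert threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Context dimensions named in the text: time, location, device,
# connection method and application. Field names are hypothetical.
CONTEXT_FIELDS = ("hour_band", "location", "device", "connection", "application")


def hour_band(ts):
    """Bucket an ISO timestamp into a coarse time-of-day band."""
    hour = datetime.fromisoformat(ts).hour
    return "business" if 7 <= hour < 19 else "out_of_hours"


def context_of(event):
    """Extract the context dimensions of one logical access event."""
    ctx = {f: event[f] for f in CONTEXT_FIELDS if f != "hour_band"}
    ctx["hour_band"] = hour_band(event["time"])
    return ctx


def build_baseline(history):
    """Per user, record every value seen so far for each context field."""
    baseline = defaultdict(lambda: defaultdict(set))
    for event in history:
        for field, value in context_of(event).items():
            baseline[event["user"]][field].add(value)
    return baseline


def deviations(baseline, event):
    """Context fields whose value has never been seen for this user."""
    known = baseline.get(event["user"])
    if known is None:  # no history at all: everything is unusual
        return list(CONTEXT_FIELDS)
    ctx = context_of(event)
    return [f for f in CONTEXT_FIELDS if ctx[f] not in known[f]]


def badged_site(badge_log, user, ts):
    """Site the user is physically badged into at time ts, or None."""
    when = datetime.fromisoformat(ts)
    site = None
    for entry in sorted(badge_log, key=lambda e: e["time"]):
        if entry["user"] != user or datetime.fromisoformat(entry["time"]) > when:
            continue
        site = entry["site"] if entry["action"] == "in" else None
    return site


def assess(baseline, badge_log, event, threshold=2):
    """Correlate the logical event with its baseline and the physical source."""
    reasons = [f"unusual {f}" for f in deviations(baseline, event)]
    site = badged_site(badge_log, event["user"], event["time"])
    if site is not None and event["location"] != site:
        # Logical and physical sources disagree: alert regardless of baseline.
        reasons.append(
            f"logical access from {event['location']} while badged in at {site}")
        return {"alert": True, "reasons": reasons}
    return {"alert": len(reasons) >= threshold, "reasons": reasons}


def _event(user, time, location, device, connection, application):
    return {"user": user, "time": time, "location": location,
            "device": device, "connection": connection, "application": application}


# Constructed sample data (not real logs).
HISTORY = [
    _event("alice", "2016-03-01T09:05:00", "London-HQ", "LAPTOP-A1", "lan", "crm"),
    _event("alice", "2016-03-02T14:30:00", "London-HQ", "LAPTOP-A1", "lan", "email"),
    _event("alice", "2016-03-03T10:15:00", "Home-UK", "LAPTOP-A1", "vpn", "email"),
]
BADGE_LOG = [
    {"user": "alice", "time": "2016-03-07T08:55:00", "site": "London-HQ", "action": "in"},
]
BASELINE = build_baseline(HISTORY)

NORMAL = _event("alice", "2016-03-07T11:00:00", "London-HQ", "LAPTOP-A1", "lan", "crm")
ODD = _event("alice", "2016-03-07T02:10:00", "Unknown-Overseas", "PHONE-X9",
             "cloud-direct", "payroll")
CONFLICT = _event("alice", "2016-03-07T11:30:00", "Home-UK", "LAPTOP-A1", "vpn", "email")

if __name__ == "__main__":
    for name, ev in (("normal", NORMAL), ("odd", ODD), ("conflict", CONFLICT)):
        print(name, assess(BASELINE, BADGE_LOG, ev))
```

The third sample event matches the user's baseline on every field and is only caught because the badge system places her in the office at the time of a remote VPN session, which is the value of correlating logical and physical sources.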
Draw on our experience to understand how to obtain the security intelligence you need. Our dedicated team can help you make informed decisions.<br />
<br />
<h2>Cybercrime and Security Innovation Centre Launch</h2>
Published 2016-03-06, updated 2016-03-06<br />
<br />
The Cybercrime and Security Innovation Centre (CSI) opening in Leeds aims to improve and incorporate an evidence-based approach into the frontline policing of digital forensics and cybercrime investigations, and to advance human factors of computer security and forensics mechanisms and practice.<br />
<br />
Leeds Beckett University will host an exciting line up of speakers who will discuss cybercrime, digital security, forensics and safety with key figures delivering presentations in the afternoon, followed by a panel discussion.<br />
<br />
<blockquote class="tr_bq">
Date: Wednesday 6 April 2016<br />
Time: 13:30-18:00<br />
Venue: James Graham, Headingley Campus</blockquote>
<br />
The event will finish with a networking opportunity, and will be followed by an event on campus at 18:30 run by the Leeds Hacking Society and Leeds Beckett University Open Web Application Security Project (OWASP) Student Chapter.<br />
<br />
<a href="http://www.leedsbeckett.ac.uk/events/faculty-events/cybercrime/" target="_blank">Read more and register online...</a><br />
<br />
<h2>Security today requires collaboration with users</h2>
Published 2016-02-18, updated 2016-03-26<br />
<br />
With employees increasingly using non-corporate devices to undertake company business over untrusted networks, organisations face a significant security challenge with these unmanaged devices providing little or no visibility of usage.<br />
<br />
Worse still, the use of shadow IT presents a severe security threat and it can be difficult or even impossible to know if unauthorised IT is being used or what it is being used for. Without understanding what data is being stored or shared by users and where, there is no way to understand the associated risks or to ensure that the data is appropriately protected.<br />
<br />
The only practical way to tackle this situation is to proactively engage with the user community, understanding their needs and frustrations, to work together to find secure solutions that are easy to use. With security as an enabler providing the solutions they need, users are less likely to seek unauthorised alternatives.<br />
<br />
But that’s only part of the solution. It is essential that users understand the security risks associated with today’s ways of working, and the part they play in keeping information secure. For some organisations this can be a significant cultural challenge, but educating users about security risks, including risks that affect their personal devices and personal information, is essential and ultimately keeps them in a job.<br />
<br />
Importantly, both the dialogue around solutions and the awareness training need to be continuous and ongoing. Listening and responding to the needs and concerns of users and managers ensures that solutions to get their job done effectively and securely can be delivered in a timely manner.<br />
<br />
This may be a new way of working for some IT and security professionals who have previously delivered only one-way communications to business users regarding enterprise solutions, company policies and security threats. This change in mindset is, however, essential in establishing an effective and successful security strategy and a positive change in cultural behaviour.<br />
<br />
AgilityIS can help you adapt to the realities of the modern mobile world, building trust with the business and users, and providing awareness training around security and social engineering threats.<br />
<br />
<h2>Penetration Testing</h2>
Published 2016-02-09, updated 2016-03-28<br />
<br />
Our penetration testing adheres to recognised standards including the OWASP, CHECK and CREST testing methodologies, meeting and exceeding the requirements of standards set by government and regulators such as the FCA, and the requirements of PCI DSS.<br />
<br />
Our reports will help you clearly understand both business and technical risks, identifying not only known technical vulnerabilities, but also design flaws within the application's logic and errors in implementation. Our easy-to-follow recommendations will give you a clear indication of how to fix the vulnerabilities we have identified, and further sources of information.<br />
<br />
We offer a complete range of security testing services, both remote and on-site.<br />
<br />
<ul>
<li>Infrastructure Penetration Testing</li>
<li>Web Application Security Testing</li>
<li>Wireless Network Penetration Testing</li>
<li>Vulnerability Scanning</li>
<li>Mobile Application Testing</li>
<li>System Build Review</li>
<li>Source Code Review</li>
<li>Lost/Stolen Laptop Review</li>
<li>Lost/Stolen Mobile Device Review</li>
</ul>
<div>
<br /></div>
Whether you require a basic external infrastructure vulnerability assessment, or a full internal penetration test, we can help.<br />
<br />
<h2>Is Social Engineering really a problem?</h2>
Published 2016-02-02, updated 2016-02-17<br />
<br />
As computer security controls become more effective, attackers are seeking ever more complex methods of targeting organisations and their staff. By combining technical expertise with social engineering they are increasingly more successful in gaining access to sensitive information, valuable assets and money.<br />
<br />
Risk managers now frequently recognise the need to consider the human factors in Information Security as many attackers are now actively engaged in hacking the human as this is often more susceptible to attack than the technology.<br />
<br />
Social engineering is the clever use of deception or impersonation to gain trust that leads to unauthorised access of sensitive information or facilities. Unfortunately people are often the weakest link in an organisation's security defences, as many of the good qualities we look for in human behaviour are the very same ones that can lead to compromise.<br />
<br />
Although people have become much more familiar with the term "social engineering" in recent years, this unfortunately hasn't led to a reduction in successful social engineering attacks. In fact, they are increasing rapidly. Awareness and understanding of social engineering techniques, and how to defend against them, are key to your survival.<br />
<br />
We offer a full range of social engineering testing and training services.<br />
<br />
Our review, assessment and testing services include:<br />
<ul>
<li>Assessing the vulnerability of your facilities to physical compromise</li>
<li>Testing your physical defences and your staff's susceptibility to physical manipulation</li>
<li>Evaluating your staff's susceptibility to remote social engineering</li>
<li>Measuring the success of bespoke phishing attacks against your staff</li>
<li>Testing the effectiveness of your security awareness training</li>
</ul>
Our social engineering training is particularly useful for executives' personal assistants, receptionists, help desk and call centre operatives, but is beneficial for all staff in both their work and personal lives. By raising their awareness of the dangers of social engineering, helping them to better understand the techniques used by attackers, and by providing them with defence strategies they will be better prepared to defend your organisation.<br />
<br />
For those wishing to be educated themselves, to be able to test their own organisation or to better engage the services of others, we also offer an offensive course that teaches the techniques and methodology used to successfully gain unauthorised access to buildings and information. With a strong emphasis on the legal and ethical considerations associated with such testing we equip your risk managers with the knowledge they need.<br />
<br />
<h2>Support Our Charity: White Hat Rally</h2>
Published 2016-02-01, updated 2016-02-20<br />
<div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;">
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh7QskAaF6X4jzaxSW5s6kU6wvbxYlU951GcasxVaFVNVnYIuPmUzSy3LVXsNZJPbZ4cV2t2fOLoBLnG9PC7R175iPigMIolkC1YxnXjk7Oierkws9pJ1ZsjG4Rbmmmhcu9PVSTlt_KenZ/s200/White+Hat+Rally+logo.jpg" width="200" /></div>
Once again we are supporting White Hat Rally in raising funds for Barnardo's to help in their work with vulnerable children.<br />
<br />
Join us on the event for a real fun-packed murder mystery adventure as we go to France.<br />
<br />
Corporate sponsorship packages are now available. Visit <a href="http://www.whitehatrally.org/">www.whitehatrally.org</a> for details.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhKnUdxAfQzuNARGc-E6rJ20AxifkHXxEzHrDmHExWBl8DwZLuJzNRoMHxwGT1SFWQtCvQ233cqODxq2KoyGnvscamG7jCWJ0ZsBlKopBkNkhlQfdAOC9wu1qaX4NmaFRi26VJSUiUFW6r/s570/White+Hat+Rally+banner.jpg" width="570" /></div>
<br />
<h2>PCI DSS Penetration Testing</h2>
Published 2016-01-19, updated 2016-02-20<br />
<br />
Agility's penetration testing services meet and exceed the requirements of PCI DSS. Merchants and service providers can prepare for an annual PCI compliance audit by engaging with our specialist security assessment team who will perform internal and external penetration testing to meet your obligations as mandated by PCI DSS Requirement 11.<br />
<h4>
What is PCI DSS?</h4>
PCI DSS is a worldwide standard intended to reduce the rising number of incidents of stolen cardholder data. It is endorsed by Visa, MasterCard, Cardholder Information Security Program (CISP), Discover, Diners Club, and American Express, whose goal is to protect cardholder account information.<br />
<br />
The due diligence required to meet the standard is complex, requiring merchants to address the twelve requirements of PCI DSS by undertaking testing, performing remediation, retesting, and documenting compliance findings in preparation for a PCI DSS compliance audit.<br />
<h4>
What’s included in the penetration test’s scope?</h4>
The scope of PCI mandated penetration testing includes all systems and networks within the cardholder data environment and requires the tests to be undertaken by experienced penetration testers who are independent from those individuals managing the cardholder environment.<br />
<h4>
Who does the PCI security standard apply to?</h4>
Entities that accept credit or debit card payment, collect, process or store card transaction information are required to be compliant with PCI DSS. Failure to meet the security standard can result in substantial fines or expulsion from card programmes.<br />
<br />
<div>
Section 11.3 of the Payment Card Industry Data Security Standard (PCI DSS) requires organisations to conduct penetration tests at least once a year and after any significant infrastructure or application upgrade or modification. The penetration tests must include the network-layer and application-layer penetration tests both internally and externally.<br />
<br />
<b>Contact us today to discuss your requirements for PCI DSS including regular ASV vulnerability scanning, QSA services and PCI DSS penetration testing.</b></div>
<h2>Don't forget about your people!</h2>
Published 2016-01-14, updated 2016-02-20<br />
<br />
Any business is only as secure as the people in it. Mistakes happen and are unavoidable, but through education, policies and good practice their likelihood and severity can be reduced. It is important to equip your staff with the skills they need; you'd be negligent if you didn't, and it's no good blaming them when things go wrong if you haven't set expectations and provided the knowledge.<br />
<br />
We provide a wide range of training to help ensure that your people, both within the business and IT, have the skills and awareness they need to keep you secure. Enabling them to act responsibly and effectively, to understand potential threats and how to protect against them, and to know how to detect a compromise and what to do when compromised, is key to your survival.<br />
<br />
Our awareness training courses range from secure coding and development practices for your technical team, to combating social engineering attacks against call centres and key staff. General security awareness across your organisation is essential in today's connected world.<br />
<br />
We occasionally run open courses at security conferences but frequently run bespoke courses for our clients, especially in the area of social engineering awareness and defence.<br />
<br />
Popular courses include:<br />
<ul>
<li>Social Engineering for Call Centres</li>
<li>Social Engineering for Penetration Testers</li>
<li>Social Engineering Awareness and Defence for Financial Services</li>
<li>Social Engineering Awareness and Defence for Healthcare Providers</li>
<li>Web Application Defensive Programming for Developers</li>
<li>Engaging Penetration Testers for Procurement and Project Managers</li>
</ul>
<h2>Manual vs Automated Web Application Testing</h2>
Published 2016-01-11, updated 2016-02-20<br />
<br />
Three different approaches to web application testing can be adopted: automated, manual or a combination of both. However, the outcomes, given a typical web application, are likely to be very different both in terms of coverage and cost, and most importantly in terms of the level of assurance obtained.<br />
<br />
Agility's standard methodology utilises the combined approach, providing an efficient and effective service attaining a high level of assurance in the most cost and time effective manner.<br />
<h4>
Level of Assurance</h4>
Automated web application vulnerability assessment tools have the ability to efficiently identify some categories of technical vulnerabilities, such as the most simple forms of common web vulnerabilities including some SQL injection and Cross-site scripting, and typically identify only well known vulnerabilities.<br />
<br />
More complex vulnerabilities, for example those related to or dependent upon application logic, or flaws in security functionality design (such as authentication and authorisation), are not readily identified using automated techniques and require a manual testing approach.<br />
<br />
Other web application testing tools, designed to assist a manual tester, can greatly increase the efficiency of testing by automating a series of steps, or performing hundreds or thousands of iterations of a transaction under the guidance of the manual tester therefore achieving results that would otherwise be impractical.<br />
<br />
AgilityIS therefore utilise a combination of these methods, which is invariably the most appropriate approach. All our testing is manually led, first gaining an understanding of the application logic and then selecting the most appropriate tools to assist in the testing of the web application.<br />
<br />
Using automated vulnerability assessment tools alone would lead to a false sense of comfort, with real issues going unidentified. The more intricate vulnerabilities that remain would ultimately be the ones that are most likely to be exploited to real effect, leading to the compromise of information or fraudulent transactions.<br />
<br />
Manual testing alone would not be exhaustive enough and could lead to areas of vulnerability remaining undiscovered, particularly where multiple iterations are required to identify patterns in the application's behaviour that may be exploited.<br />
<br />
By using a combination of manual testing techniques and automated tools, testing is both efficient and effective. By testing from an informed position using this combined approach we can provide you with the highest level of assurance in the most cost and time effective manner.<br />
<h4>
Operational Impact</h4>
As well as the differing levels of assurance obtained when considering the relative merits of automated and manual web application testing, there are some further points that should be taken into account particularly around the risks associated with performing the different types of tests.<br />
<br />
There are inherent risks associated with automated testing. Because it is impossible for an automated tool to view a given function in its complete context, testing any function which results in a change in application state or data could result in a loss of or damage to data, or erroneous data being stored or processed by the application.<br />
<br />
Manual testing uses a number of strategies to dramatically reduce the risk of such events occurring. Most significantly, functions are subjectively analysed under ‘normal use’ scenarios before testing commences. This enables the tester to understand the full context and effect of a function. Testing can then be tailored for the specific function.<br />
<br />
Manual testing is also able to identify the same vulnerabilities using a significantly reduced number of requests by analysing responses in a more intelligent manner. This greatly reduces the number of erroneous transactions, and permits the tester to keep track of transactions made during testing so that administrators can reverse them later.<br />
<h4>
Threat Defence</h4>
Finally, consideration needs to be given to which threats you are trying to protect against, and this may well vary depending on the application and its use.<br />
<br />
An automated scanner will help in defending against automated attacks, making your application a less interesting target compared to other less well defended sites. However, it will not deter a more focused attacker who will look for more complex ways to exploit your infrastructure.<br />
<br />
Agility commonly find sites that are vulnerable to exploits such as Cross-Site Scripting which allow an attacker to embed code within a website that subsequently allows the attacker to directly target genuine users of the website. These users are unaware that pages rendered in their browser may be malicious, even though they appear to come from your trusted website. Such exploits harvest user supplied information, may prompt for passwords and so on, and all the information is passed back to the attacker.<br />
<br />
<h2>Get Safe Online</h2>
Published 2016-01-08, updated 2016-02-20<br />
<br />
Protect yourself, your family and your business against Internet security threats with free expert advice.<br />
<br />
The <a href="http://www.getsafeonline.org/">GetSafeOnline.org website</a> contains practical security advice aimed at making you aware of Internet risks and vulnerabilities, and providing you with the information you need to protect yourself against these threats. Information includes how to: <br />
<ul>
<li>install anti-virus software </li>
<li>make back-ups </li>
<li>protect your privacy </li>
<li>set ground rules for children </li>
<li>shop, bank and use online auctions safely </li>
<li>guides for businesses </li>
<li>and much more… </li>
</ul>
<br />
<a href="http://www.getsafeonline.org/">GetSafeOnline.org</a> is a joint initiative between HM Government, the Serious Organised Crime Agency (SOCA) and leading businesses, which aims to help individuals and businesses to protect themselves against Internet security risks. It is a neutral, unbiased and objective source of information and expert advice for everyone.<br />
<br />
As an Internet user, you know what a fantastic resource it is for learning, shopping, doing your banking online, keeping in touch with friends and family, and many more fun activities. However, you may also be concerned about the risk of being online – suffering a virus attack, receiving unwanted emails or becoming the victim of online fraud. By taking some simple measures you can help protect yourself against many online threats and reduce the risk of becoming a victim.<br />
<br />
Go to <a href="http://www.getsafeonline.org/">www.getsafeonline.org</a><br />
<br />
<br />
<b>AgilityIS helping people protect themselves online</b><br />
<br />
<br />
<h4>
What is Get Safe Online?</h4>
Get Safe Online is the UK’s national Internet security awareness campaign for the general public, micro and small businesses. The campaign is a joint initiative between HM government, the Serious Organised Crime Agency (SOCA), and private sector sponsors from the worlds of technology, retail and finance. The campaign website <a href="http://www.getsafeonline.org/">www.getsafeonline.org</a> is the definitive source of free, unbiased, current information and advice about how to keep safe and secure online.<br />
<div>
<h4>
Why is it important?</h4>
The Internet is a fantastic resource for the general public and business. However, given the risk of crime perpetrated on the Internet – for example identity theft, email and website scams and computer hacking – it is vital that the general public have the information they need to protect themselves and their devices when online.</div>
<h2>What is Cyber Security?</h2>
Published 2016-01-07, updated 2016-02-20<br />
<h2>
Information Security, IT Security, ISO 27001, PAS 555, Cyber Security... What does it all mean? What's the difference? Is this something new you need to know about, or is it knowledge you already have?</h2>
<h4>
What's this new cyber security thing all about?</h4>
For those well versed in IT security you'll be pleased to know it's nothing new at all - it's the same stuff we've been doing for many years!<br />
<h4>
So why the new synonym?</h4>
The cynical might cite it as a marketing initiative, creating new opportunities to sell the same old stuff under a new wrapper, and I have to say very little has in reality changed to warrant a new term.<br />
<h4>
Is there a difference between cyber security and IT security?</h4>
Some, but not a lot! Cyber security is essentially a subset of IT security, focusing only on cyber threats. For the most part that means things to do with the Internet, but cyber-space does extend to any computer-to-computer communications, USB devices containing malware and the like.<br />
<h4>
So is IT security all about technical controls?</h4>
No. While the vast majority of defensive controls will be technical in nature, training and education, personnel vetting and so on are all relevant to IT and cyber security. Remember that these are themselves a subset of Information Security which covers all aspects of secure information management.<br />
<h4>
What does cyber security achieve?</h4>
Essentially it focuses on protecting computers, networks, programs and data from unintended or unauthorised access, change or destruction, ensuring the confidentiality, integrity and availability of information systems.<br />
<h4>
Why is cyber security suddenly so topical?</h4>
As the numbers of mobile users, digital applications and interconnected networks increase, so do the opportunities for exploitation. Network outages, computer viruses, data compromise and other incidents affecting our lives and businesses are becoming increasingly more common. As more and more of our world becomes connected and the speed of connection increases, the risk grows. The impact, whether causing inconvenience, material losses, or threats to life, is also growing.<br />
<h4>
Is cyber security important?</h4>
Yes! SMEs, corporates, governments, military, educational, healthcare and financial institutions, and most other businesses all collect, process and store a great deal of confidential information on networked computer systems. With the growing volume and sophistication of cyber attacks, continuous effort is required to maintain the security of sensitive business and personal information, as well as safeguarding critical national infrastructure.<br />
<h4>
AgilityIS Cyber Capability</h4>
Our cyber specialists can assist you in all aspects of cyber security assurance, from secure design architecture reviews and infrastructure and web application penetration testing to assurance and due diligence reviews. We have decades of experience that we can bring to your projects.<br />
<br />
Security Assurance for DWP and PeoplePlus Partners (published 2016-01-06, updated 2016-02-20)<br />
<br />
Agility offer a full range of information security services to assist DWP and PeoplePlus partners in securing their organisation to the stringent level required by the Department for Work and Pensions (DWP) and PeoplePlus (formerly Action for Employment, A4e). Our services include penetration testing, ISO 27001 ISMS, social engineering and information assurance due diligence reviews.<br />
<br />
PeoplePlus requires its partners to engage an independent reputable specialist company, experienced in Information Security services, to undertake penetration testing of their infrastructure and applications. Security testing should therefore be performed by a company that is not connected in any way with the provision of Work Programme Partner Information Systems and Services.<br />
<br />
Agility meets these requirements, being recognised by CREST (the Council of Registered Ethical Security Testers), with our consultants holding ICE and ACE qualifications as CREST Certified Testers (CCT). We have many years of experience in delivering all the services necessary to support the security requirements mandated by Government Departments and their partners.<br />
<br />
Testing is not limited to technical vulnerabilities but also examines the settings and features of user access to the Partner Work Programme Information, which could allow misuse of authorised access to perform unauthorised actions, and also extends to physical security and social engineering.<br />
<br />
The governance and testing requirements imposed by PeoplePlus are designed to reduce risks that pose a threat to the confidentiality of PeoplePlus and DWP data being held or processed on Partner Work Programme Information Systems and Services. Contact us for further details of our services.<br />
<br />
Agility is the key to every security management system (published 2016-01-04, updated 2016-03-27)<br />
<br />
The term Agile is most often associated with software development; however, the same model can be applied to almost any discipline or process. Establishing a set of principles by which requirements and solutions evolve through collaboration encourages rapid and flexible response to change. Agility promotes adaptive planning, evolutionary development, early delivery and continuous improvement.<br />
<br />
Agility is fast becoming a core requirement for security. Threats evolve rapidly; devices, applications and cloud services change quickly. Frequent updates are applied to operating systems and software, sometimes beyond the control of the enterprise. Security therefore needs to be flexible, adapting at a moment’s notice to quickly and easily accommodate changes to the extended business environment through which users access, transmit and store information.<br />
<br />
<a href="http://www.agilityis.uk/martin-law.html">AgilityIS</a> provides a fresh and exciting new approach to security assurance.<br />
<div>
<br /></div>