Penetration Testing for SMEs
CIS penetration testing services are aimed predominantly at small and medium companies who want to demonstrate adequate network and website security to customers and other stakeholders. This service is ideal for organisations who wants to protect customer and company data, or who need to ensure their systems are protected from malicious hackers.
A penetration test is designed to target your organisation’s technical infrastructure and its exploitable vulnerabilities. It begins by profiling your systems and looking for weaknesses or configuration oversights that can be leveraged to bypass security controls. We use all known vulnerabilities to assess your systems’ security posture.
Once the initial identification stage is complete this information can be used to penetrate further into your network and web applications allowing us to test your most critical systems in both authenticated and unauthenticated modes.
We have extensive experience of carrying out penetration tests to support compliance with external security standards such as:-
- ISO 27001
- PCI DSS
- Cyber Essentials Plus
Typical Penetration Testing Targets
Typical targets include (but are not limited to):
- Remote entry points
- Network devices
- Database and application servers
- E-Mail servers
- Network storage devices
- Websites and E-commerce systems
- Research and Development systems
- Other Trusted systems (Including your security systems)
Professional Penetration Testing Approach
Our consultants are CISSP certified and as such are well versed in not just your technical security infrastructure but also how this dovetails into your policies, procedures and data security requirements. This broad skill set allows us to take a holistic approach to testing and security management generally.
Because we will be accessing sensitive information about your network and systems, penetration testing is carried out under strict NDA.
CIS consultants carry out penetration tests with the greatest of care. Our aim is always to fully test your infrastructure but ensure that live systems are unaffected. We will never attempt to exploit a discovered vulnerability without first discussing the risks with you.
Once the test has been performed you will receive a report on the findings together with detailed remediation steps so that weaknesses can be eradicated. We can also provide full telephone and email support to explain any areas of the report that you do not fully understand.
For more information about Penetration Testing for your business, please call 0161 710 1007 or request a call back>>