This service requires access to your internal network and systems in order to simulate someone who has gained access from the internet or an insider threat from an employee.  The service will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data. The service will identify weaknesses, but not exploit them. It should be noted that although the interaction with your systems is kept to a minimum, there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments. That is why all internal vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk. 

 

Service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

 

We are able to recommend our IASME trusted partners network to provide additional services such as a full penetration test. Our trusted partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are apart of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls.