SOLUTIONS

INTERNET SECURITY SOLUTIONS

Security testing is acknowledged as being a core feature in assuring the security of all companies. According to recent surveys the average cost of a security incident to UK businesses is approximately £25,000.

In addition to this, over 80% of UK companies have had some kind of fraudulent or malicious activity on their networks. Security testing allows businesses a low cost means of establishing their risk exposure, and enables them to make business decisions on security expenditure from a position of knowledge, not fear.

Codestone's Security and e-Commerce testing and auditing services are designed to evaluate your Internet and Information security weaknesses, minimising vulnerability whilst providing a measurable level to gauge risk against. All of our testing services are carried out by highly trained security professionals in accordance with the methodology set out by the OSSTMM (Open Source Security Testing Methodology Manual). The OSSTMM is unique in that it is the first and most widely available standard in development for comprehensive security testing of Internet systems and networks. Unlike the proprietary testing methods most testing companies employ, OSSTMM compliance ensures you are fully aware of every procedure before any testing commences.

Why do you need Security Services?

• To highlight potential security weaknesses before hackers do
• Set measurable baselines for network and information security
• Regulation Compliance or Recommendation
BS7799/IS017799
• Proof of security to customers or partners
• To discover the extent of the damage following an attack and to ensure it doesn't happen again
• Validating work by third parties
• To establish and monitor R.O.I. for existing security infrastructure

Codestone Service Description

Codestone's testing services are modular by design, with a core set of tests that are common to every audit. These core modules and the optional additional modules are described at the back of this brochure. This approach allows us to ensure that you are only paying for the security tests that are relevant to your business, while ensuring that your individual requirements are being met.

Whereas many security testing services commonly use only automated tools, Codestone are able to offer more consistent and accurate results through manual testing based on our consultants' expertise and experience.

With all of Codestone's testing services, extensive reporting is supplied which includes not only the issues identified, but also outlines remediative actions. The reporting is suitable for all audiences and not only provides an executive summary outlining the security stance of the systems under test, but also in-depth technical information.

It is important to note that security requirements vary from institution to institution. Regulatory demands and compliancy often drive varying security demands, which is why we focus on business and organisational drivers, as well as raw technical issues. In other words we make it our business to understand your business.

Codestone's testing services are non-destructive, and usually have negligible impact on normal business activities (unless specific modules such as Denial of Service Attacks, are selected), but nevertheless should it be required we are able to schedule tests out of your office hours.

All of Codestone's tests are backed by a full debrief and telephone support in order to assist your technical staff in understanding the issues that have been identified.

RESOURCES