NTA Monitor

Latest News

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More

The Return of the Insider Threat

1st July 2009 When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall. Read More

NTA's accreditations

PCI

NTA is a PCI Security Standards Council Approved Scanning Vendor (ASV). The PCI security standards use a set of industry measurements and tools to secure payment card transactions and systems. The organisation is self regulating and was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

In order to qualify as an ASV, NTA was successfully tested in three main areas:

The PCI standards are a combination of industry tools and measurements, which help to ensure that sensitive information is securely stored. NTA's PCI compliance testing and auditing services help to ensure that customers' online payment transaction systems are secured to a very high standard.

CHECK

IT health checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. CESG has traditionally provided IT health check services for HMG and the wider public sector of systems handling protectively marked information. Demand for these services has grown. Therefore, in line with similar CESG initiatives, a special partnership with industry is the most appropriate way of meeting this demand. The IT Health Check Service, or CHECK, was developed to enhance the availability and quality of the IT health check services that are provided to government in line with HMG policy. Companies belonging to CHECK are measured against high standards set by CESG. Therefore, HMG and CNI customers can be assured that they will receive a high quality service if the work is carried out under the Terms & Conditions of CHECK.

CLAS

CLAS is the CESG Listed Adviser Scheme - a partnership linking the unique Information Assurance knowledge of CESG with the expertise and resources of the private sector.

CESG recognises that there is an increasing demand for authoritative infosec information assurance advice and guidance. This demand has come as a result of an increasing awareness of the threats and vulnerabilities that information systems are likely to face in an ever-changing world. The scheme ensures that private sector Information Assurance providers have a good understanding of current government policy and guidance, the risks to official systems and the techniques available to counter them.

CREST

CREST(Council of Registered Ethical Security Testers) was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST's main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies.

CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.