The Information Security Specialists
Aug 12

Security Accreditation Goes International

It may come as a surprise to some that setting clear and agreed standards for cyber security testing is not a common practice in most countries.

In fact the UK has lead the way for many years through the Council for Registered Security Testers (CREST), which has sought to establish quality standards and regulatory procedures to maintain a professional - and trusted - security testing industry.

Recently attitudes in the worldwide security testing industry have started to change and some countries have begun to introduce accreditation schemes. The USA has established security testing guidelines along similar lines to CREST GB and in March 2012 Australian Attorney General Nicola Roxon announced the formation of an Australian branch of CREST.

Interestingly, there has been a mixed reception by industry commentators and experts to the Australian announcement. Some have welcomed the accreditation process as it means businesses can be assured that qualified IT professionals will be carrying out security testing. While others have raised a range of concerns from increased costs to squeezing the ‘creative’ IT testers out from the industry and that levels of testing may be inadequate, or not rigorous enough, or not cover the latest issues affecting the cyber industry, such as Near Field Communication (NFC).

However the concerns raised don’t address why there is a need to have a common benchmark that security testers can work to. An agreed set of standards prevents the debate about the competency of individual testers and sets a single standard that testers can be judged against. It also clarifies and defines what a penetration test is, what the outcomes will be, how the test will be carried out and the methods and tools that testers will use.

This is important for businesses and organisations. They need to know they can trust the penetration tester, who has been given access to sensitive and commercially valuable information and systems, and that they will perform with skill, integrity and accountability. It is our duty therefore to make sure we deliver the very best possible service across the whole of the security testing industry.

Roy Hills has been heavily involved in setting the CREST GB’s standards, guidelines and pen testing training. He is now working with CREST Australia to establish their accreditation scheme.

English French German Italian Portuguese Russian Spanish
Call us now on
01634 721855

Latest News

I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.

View all Testimonials

Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.

View all Testimonials

We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...

View all Testimonials

I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.

View all Testimonials

The NTA testing programme was a success on all fronts.

View all Testimonials

The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.

View all Testimonials

On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...

View all Testimonials

NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.

View all Testimonials

NTA Monitor has been a trusted supplier for a number of years and we have found them to be approachable, helpful and understanding of our needs relating to information security.

View all Testimonials