security123c
Joined: 28 Sep 2013 Posts: 1
Posted: Sat Sep 28, 2013 6:32 am Post subject: security companies uk
Cyber security companies are growing in importance as the threat of malware and cyber-espionage continues to rise year-on-year. But what can they offer to your business, and what do they do?
Cyber security companies are usually small, specialist companies focused exclusively on the field of information security. They carry out the following kinds of task:
• Penetration testing: Otherwise known as “ethical hacking”, this involves probing a client’s network defences or web application, with permission, and seeking to breach the security in some way. Using the same tools as a malicious hacker would use, the penetration tester seeks to inform the client where the cybersecurity vulnerabilities are, whether or not they are exploitable, and how severe they might be.
• Vulnerability assessment: This involves only the initial stages of a full penetration test, simply probing the client’s defences to identify vulnerabilities, and then reporting on them. Information security companies often carry this out using automated scanning tools, as a cost-effective way of keeping track of security vulnerabilities in a network, a website, a set of mobile devices, or a set of computers.
• ISO 27001 analysis: Using the international standard for information security management, ISO 27001, the security consultant will analyse how a client compares to the standard, giving recommendations on how to close any gaps that may be identified. This exercise may be performed as part of the work needed for a client to achieve certification against the standard.
• Short-term management: In some cases, a cyber security company may send a highly experienced manager to a client’s premises for a temporary project, managing the client’s information security for them. This may be done in order to fill a gap during recruitment of a long-term manager, or else simply in order to carry out a specific project.
As a general rule, cyber security companies are called on for specialist expertise that none but the very largest companies would have available in-house. Skills such as penetration testing are needed only sporadically by any given organisation, but on the other hand these skills require a high level of initial training, and then constant work to keep them current. Hence the vast majority of businesses cannot afford to tie up their own employees in this kind of work, where they will gain little return on their investment in training.
This is where information security companies are able to make a real contribution, offering highly-skilled experts just for the limited time needed, concentrating on cybersecurity alone. Even those areas that at first sight may seem less technical, such as ISO 27001 compliance, in fact require a remarkable breadth of expertise in many different sub-fields. In-house staff implementing the standard will usually have experience only of doing so within their own company. On the other hand, infosec companies can draw on their experience of implementing information security in a wide range of companies, and hence will be able to see things that staff may miss, and bring a much broader perspective to the task. It is for reasons such as this that more and more businesses are finding that it pays to call on cyber security companies for specialist functions of this kind.
_________________
security companies uk
security company