Which is more expensive: a security breach or a security assessment?

21 August 2012

IT Governance, the cybersecurity experts, have today advised that organisations that are not testing their IT systems and web applications regularly are likely to pay a high price in the event of a security breach.

Penetration testing, also known as ethical hacking, is aimed to ensure that an organisation’s networks and applications are genuinely secure against today’s automated cyber attacks.

Alan Calder, CEO of IT Governance, says, ‘With the ever-increasing risk of external attacks to websites, IT outsourcing and the adoption of new technologies including virtualisation and cloud computing, organisations have to firstly, identify cyberthreats and secondly, put control measures in place to defend themselves from these.’

A recent Data Breach Investigations Report by Verizon found that 92% of incidents were first discovered by a third party. This indicates that companies are not aware of their own vulnerabilities and aren’t realising they are at risk. 

Calder continues, ‘What organisations need to grasp is that they save money by conducting penetration testing regularly. A data breach can cost them tens of thousands of pounds, let alone the reputation damage. The cost of conducting a penetration test is minimal in comparison to the cost of a data breach.’

Penetration testing is an essential component in any ISO27001-compliant information security management system (ISMS). IT can also help organisations to meet the requirements of the PCI DSS standard and comply with the Data Protection Act (DPA).

Organisations can save £1000 if they book a Penetration Testing Standard Package or a Web Application Testing Package in August and September. The packages are also available on a subscription basis.

Both the Penetration Testing Standard Package and the Web Application Testing Package include a comprehensive report identifying vulnerabilities and recommended remedial activity. One of the biggest benefits to organisations is that they can agree the scope of testing delivered for known and fixed benefits. The security testing is conducted by a qualified ethical hacker guaranteeing quality, confidentiality and privacy.

 

*******

For more information, go to www.itgovernance.co.uk/products/3184 and www.itgovernance.co.uk/products/3185. If you are interested in booking a pen test, then contact the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750 or by email to servicecentre@itgovernance.co.uk.

__________________________________________________



Looking for something specific?