Buying & Building Cyber Services icon
Back
Accreditation Pathway & Membership icon
Back
Skills, Certifications & Careers icon
Back
News, Events & Research icon
Back
About Us icon
Back
Login to profile
Join Today Find a Supplier

What cyber security service do I need?

Home  »  What cyber security service do I need?

The Threat Landscape

We create and store unimaginable amounts of data, much of it vital for the running of our national defences and infrastructures, our businesses and our personal lives.

This vast resource is vulnerable to criminals and other malign actors – the people who want to steal, corrupt, delete or hold our data to ransom.

Organisations need to be sure that those employed to test and improve the security of their systems are competent and operate to the highest professional and ethical standards.

CREST Assurance

Accredited members provide buyers with clear assurances of the quality of their services, their trustworthiness and the technical capability of their staff.

CREST provides buyers with:

  • Access to trusted service organisations utilising highly skilled, knowledgeable and competent individuals
  • Procurement support
  • Maturity assessment tools
  • Commercially defensible techniques for procuring services
  • Industry benchmarks
  • An intuitive, searchable database of accredited members and services

Our members offer industry-leading levels of quality assurance and peace of mind for buyers thanks to our rigorous accreditation and professional certification processes.

Why use a CREST Supplier?
icon
Find A CREST Supplier

Cyber security services

It is not always immediately clear what cyber security service you may need for your organisation.

To help you we have developed our interactive Buyer Journey which helps you decide what cyber security service you need and puts you in touch with accredited members who can deliver that service.

You can find out more about cyber security disciplines by clicking on the panels at the bottom of the page for a brief introduction on each.

Or, if you prefer, you can click Start you buyer journey below to begin your search.

Start your Buyer Journey

CREST-accredited programmes

icon
Penetration Testing
icon

Penetration Testing

Penetration testing is a method of testing and evaluating the security of a computer system or network by simulating an attack from malicious parties to identify attack vectors, vulnerabilities and control weaknesses.  It involves the use of a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities and uses the expertise of the tester to identify specific weaknesses in an organisation’s security arrangements.  

icon
Intelligence-led Penetration Testing
icon

Intelligence-led Penetration Testing

Intelligence-Led Penetration Testing is the assurance of critical functions that are likely to be subject to sophisticated and persistent attack.

CREST Simulated Target Attack and Response (STAR) intelligence-led penetration tests use threat intelligence to deliver these attack simulations to provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attack. The tests are carried out by experienced penetration testing providers on all types of organisations and are considered to be the most realistic form of assurance service within the sector. This is combined with a review of the company’s ability to recognise and react to cyber security related attacks.  

icon
Threat Intelligence
icon

Threat Intelligence

Threat Intelligence is defined as contextualised output of a strategically driven process of collection and analysis of information pertaining to the identities, goals, motivations, tools and tactics of malicious entities intending to harm or undermine a targeted organisation’s operations, ICT systems or the information flowing through them. Threat Intelligence can often be used to enrich penetration testing services to simulate sophisticated threat actors.  

icon
Cyber Security Incident Response
icon

Cyber Security Incident Response

Cyber Incident Response is the term used to describe actions undertaken when a computer network or system is compromised or believed to be compromised. Cyber Security Incident Response (CSIR) organisations can evaluate the situation and undertake the most appropriate actions to allow recovery from, and prevent reoccurrence of, the incident.

icon
Security Operations Centre (SOC)
icon

Security Operations Centre (SOC)

A Security Operations Centre (SOC) is a facility where enterprise information systems (e.g. web sites, databases, data centres and servers, networks, etc) are monitored, assessed, and defended.  Depending on the nature of the SOC, organisations may offer a variety of services including monitoring, detection, threat hunting, incident management, log analysis, forensic imaging, malware analysis, reverse engineering, mitigation advice and general good practice guidance.

icon
Vulnerability Assessment
icon

Vulnerability Assessment

Vulnerability Assessment (VA) is the examination of an information system or product to determine the adequacy of security measures; the identification of security deficiencies; to predict the effectiveness of the proposed security measures; and to confirm the adequacy of such measures after implementation.

icon
CREST OVS
icon

CREST OVS is a new quality assurance standard for the web security industry. CREST OVS is aligned to both OWASP’s Application Security Verification Standard (ASVS) and its Mobile Application Security Verification Standard (MASVS).

icon
STAR-FS
icon

STAR-FS

STAR-FS is a framework for intelligence-led penetration testing of the financial sector.

The framework has been developed to meet the needs of the regulators by ensuring the same level of rigour is applied to them whilst reducing resourcing implications on regulators.

STAR-FS promotes an intelligence-led penetration testing approach that mimics the actions of cyber threat actors’ intent on compromising an organisation’s important business services and the technology assets and people supporting those services. Collaboration, evidence and improvement lie at the heart of STAR-FS as well as a close liaison with key stake holders.

The STAR-FS process utilises commercially available threat intelligence services in order to define realistic and current threat scenarios that will be utilised by the penetration testing teams to replicate real world attacks to operational systems. Risks to these systems are mitigated through the establishment of an internal control group, risk assessment, the accredited policies and processes utilised by the service provider and the skill and competence of the threat intelligence and penetration testing providers.