Implementation & Procurement Guides


PENETRATION TESTING

Penetration Testing Procurement Guide provides practical advice on the purchase and management of penetration testing services, helping you to conduct effective, value-for-money penetration testing. It is designed to enable your organisation to plan for a penetration test, select an appropriate third-party provider, and manage all important related activities. This guide is subject to review and update shortly …

Procuring Penetration Testing Services provides an overview of best practice for procuring penetration testing services. This overview document is subject to review and update shortly …

A Guide for Running an Effective Penetration Testing Programme: This CREST guide provides practical advice on the establishment and management of a penetration testing programme, helping organisations to conduct effective, value-for-money penetration testing as part of a technical security assurance framework. It is designed to enable organisations to prepare for penetration tests, conduct actual tests in a consistent, competent manner and follow up tests …

CREST has also developed a suite of maturity assessment tools to help assess the status of a penetration testing programme based on the standard industry scale. Read more

CYBER SECURITY INCIDENT RESPONSE

Cyber Security Incident Response Procurement Guide: Cyber security incidents have not only become more numerous and diverse but also more damaging and disruptive, with new types of cyber security attacks emerging regularly. This Guide provides details about how to handle cyber security incidents in an appropriate manner and gives practical advice on how to prepare for, respond to and follow up an incident in a fast and effective manner. It is designed to enable you to determine what a cyber security incident means to your organisation, build a suitable cyber security incident response capability and learn about where and how you can get help …

Cyber Security Incident Response Supplier Selection Guide: In support of the Procurement Guide, the Supplier Selection Guide provides practical advice on the procurement of cyber security incident response services. It outlines the key concepts needed to define a cyber security incident and build an appropriate response capability, whilst presenting guidance on how to apply a systematic and structured process to selecting a reputable supplier to most effectively meet your needs …

CREST has also developed a maturity model to enable assessment of the status of an organisation’s cyber security incident response capability. The model has been supplemented by a spreadsheet-based maturity assessment tool which helps to measure the maturity of a cyber security incident response capability based on the standard industry scale. Read more

CYBER THREAT INTELLIGENCE

What is Cyber Threat Intelligence and how is it used? This Guide provides practical advice on the practice and procurement of cyber threat intelligence services. It outlines the key concepts and principles that underpin cyber threat intelligence, along with the ways in which organisations use cyber threat intelligence to prevent, detect and respond to cyber security incidents.

SECURITY OPERATIONS CENTRES (SOCs)

Cyber Security Monitoring and Logging Guide: The Guide presents details about how to monitor and log cyber security events, some of which are potential indicators of compromise that can lead to cyber security incidents if they are not addressed quickly and effectively. It offers practical advice on how to manage logs efficiently, deal with suspicious events, use cyber security intelligence and address challenges.

CREST has developed a detailed and comprehensive accreditation process for SOCs. You can read more about our criteria here

REGULATOR SCHEMES

CBEST Implementation Guide: The CBEST Implementation Guide provides an overview of the CBEST Scheme and how it is implemented with the support of the security services industry. It also provides practical advice on how the services under the CBEST Scheme can be procured. Further information on CBEST can be found here

Cyber Essentials Implementation Guide: The Guide provides practical advice for organisations that are looking to improve their basic cyber security controls and achieve a Cyber Essentials security certification. It has been designed to meet the requirements of both organisations within the commercial, not-for-profit and public sectors and of individuals who are responsible for mitigating cyber risk and enabling business within their organisations. Further information on Cyber Essentials can be found here