TEST
ASSESS
ADDRESS
Challenge
Understanding your defensive capabilities is vital but obtaining that insight and then digging deeper is a resource-intensive process that requires high levels of skills and the right blend of experience.
Solution
Cyber Test Assess is a comprehensive service that offers Penetration Testing, Red Teaming and multi-faceted assessments to provide rigorous testing and assessment of your defensive capabilities.
BSS is CREST Accredited
As well as our broad panel of testers, BSS is also now CREST accredited as an organisation, meaning if you need CREST Testers through a CREST provider, we can help. Contact Mark Ampleford for more information
Verify us on CREST’s Member Company list here: Barclay Simpson Solutions Ltd | CREST
TEST
Penetration Testing
We understand the importance of good penetration testing:
Available When you need it
With clear results and risks
And actionable remediation steps
We have CREST and Cyber Scheme Penetration Testers who can support:
- Scoping – Making sure you get the right test for the right cost / benefit
- Planning – Ensuring your testing fits with your business needs and will be effective
- Coordination – Making sure testers, environments, project teams and test objectives work in harmony
- Testing – Conducting testing, hands on tool-based and manual tests
- Reporting – Making sure you get a clear view of what has been tested, how well, and the key issues
- Prioritisation + Remediation – Ensuring that your project and business as usual teams have clear decision support on what to fix, in what order, for how much effort, cost and risk reduction
- Retest – Retesting post remediation when you need it
- Training – Training internal testers, developers and engineers to conduct testing
We can test based on your system configuration and changes, or on a threat model, and we can also perform configuration reviews for Cloud services where that’s best practice.
We cover: Infrastructure | Applications | Cloud | OT
Red Teaming
BSS Offers Threat-Led and Objective Led Red Teaming, to simulate adversary activity and allow you to evaluate and enhance your defences.
Threat Led:
We work with you to understand your key threats and develop a threat model.
Testing is planned to emulate specific or wider threats.
Testing is conducted to emulate an adversaries motivation, techniques, tactics and procedures.
Follow up work is carried out to ensure that you gain a strong understanding of strengths, gaps and areas for improvement in a way that your defenders can consume.
Objective Led:
We work with you to set a realistic objective, that allows you to specifically test portions of your defences, or simulate an adversary taking realistic steps towards a goal.
This can include increasing the detectability of attacks, if necessary collaborating with defence teams during the activity to support them in detecting and containing threats.
ASSESS
DevOps Security Assessment:
We can test your DevSecOps pipeline controls and engineering practices and
- Benchmark using OWASP SAMM and DSOMM.
- Check for equivalence with manual testing
- Advise on risks vs OWAS Top 10 for CI/CD
NIST CSF Assessments
We can provide assessments of your current state, maturity and gap to target for NIST CSF
We also provide mattings into other frameworks
ISO27001 Readiness
We have experienced ISO27001 Lead Implementers, Auditors and security managers who can assist with your ISO27001 journey.
OT Security Maturity
Our team has experience working with global companies on Operational Technology Security in multiple contexts, get in touch for further
Audits & Assessments
BSS has internal auditors and assessors for general, IT and Information Security internal audit activity and audit support.
Contact us to discuss your Testing and Assessment needs and learn how our clients have benefitted from our expertise, commercial and partnership approach. cyberta@bss.uk.com
