CREST is a not for profit organisation and is governed by a formal Memorandum of Association (MOA) as a company limited by guarantee. Under this MOA, companies are invited to join a trade association as members, subject to certifying that they meet the minimum standards of ethics, methodologies, and technical capability.
In contracting a CREST member organisation to perform a security test, a client can feel secure in the knowledge that the work will be carried out to rigorous standards by qualified, knowledgeable individuals.
Penetration testing is a widely accepted method of assuring information security and has become an integral part of many organisations operational and technology risk management programs. Yet despite the widespread use of penetration testing, there has historically been a definite lack of agreed standards and practices.
CREST (Council of Registered Ethical Security Testers) was created in response to the need for regulated and professional security testers to serve the global information security marketplace. CREST`s main aim is to represent the information security testing industry and offer a demonstrable level of assurance as to the competency of organisations and individuals within those approved companies.
CREST is a standards-based organisation for penetration test suppliers incorporating a best practice technical certification programme for individual consultants. Additionally CREST provides its members with a framework of guidance including standards, methodologies and recommendations aimed at ensuring the very highest standards of leading-edge security testing.
|
|
