Get more info about setting up a new chapter in your area.
Search
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 0
Results:
Sort by:
Accredited Services
-
Cyber Security Incident Response
Cyber Incident Response is the term used to describe actions undertaken when a computer network or system is compromised, or believed to be compromised. CSIR organisations can evaluate the situation and undertake the most appropriate actions to allow recovery from, and prevent reoccurrence of, the incident.
-
Cyber Threat Intelligence (STAR)
Threat Intelligence is defined as contextualised output of a strategically driven process of collection and analysis of information pertaining to the identities, goals, motivations, tools and tactics of malicious entities intending to harm or undermine a targeted organisation’s operations, ICT systems or the information flowing through them. Threat Intelligence is used to carry out specialised penetration testing to deliver highly targeted attacks against organisations to simulate sophisticated threat actors.
-
Intelligence Led Penetration Testing (STAR)
STAR intelligence-Led Penetration Testing are the assurance of critical functions that are likely to be subject to sophisticated and persistent attack. STAR tests use threat intelligence to deliver these attack simulations to provide assurance that organisations have appropriate countermeasures and responses to detect and prevent cyber-attack The tests are carried out by experienced penetration testing providers on all types of organisations and are considered to be the most realistic form of assurance service within the sector. This is combined with a review of the company’s ability to recognise and react to cyber security related attacks.
-
Penetration Testing
Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and/or malicious to identify attack vectors, vulnerabilities and control weaknesses. It involves the use of a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities and uses the expertise of the tester to identify specific weaknesses in an organisation’s security arrangements. Penetration testing is often confused with Vulnerability Assessment.
-
Security Operations Centres (SOC)
A SOC is a facility where enterprise information systems (eg. web sites, databases, data centres and servers, networks, etc) are monitored, assessed, and defended. Depending on the nature of the SOC, organisations may offer a variety of services including monitoring, detection, threat hunting, incident management, log analysis, forensic imaging, malware analysis, reverse engineering, mitigation advice and general good practice guidance.
-
Training Provider
CREST Approved Training Providers have had their training courses reviewed against the CREST syllabus providing a clear and objective view of the course content and the level at which specific subject areas are taught. They have also had their quality procedures, data handling processes and course review criteria audited.
-
Vulnerability Assessment (VA)
VA is the examination of an information system or product to determine the adequacy of security measures; the identification of security deficiencies; to predict the effectiveness of the proposed security measures; and to confirm the adequacy of such measures after implementation.
Government Scheme
-
ASSURE
A mechanism for accrediting Cyber Suppliers to conduct Cyber Audits of Aviation Organisations on behalf of the Civil Aviation Authority.
-
CBEST Penetration Testing
CBEST is a Bank of England scheme delivering controlled, bespoke, cyber threat intelligence-led security testing to financial institutions. The tests replicate the behaviours of threat actors and focus on more sophisticated and persistent attacks against critical systems and essential services. CBEST accredited companies and professionals demonstrate extremely high levels of technical knowledge, skill and competency. See https://www.crest-approved.org/membership/cbest
-
CBEST Threat Intelligence
CBEST is a Bank of England scheme delivering controlled, bespoke, cyber threat intelligence-led security testing to financial institutions. The tests replicate the behaviours of threat actors and focus on more sophisticated and persistent attacks against critical systems and essential services. CBEST accredited companies and professionals demonstrate extremely high levels of technical knowledge, skill and competency. See https://www.crest-approved.org/membership/cbest
-
CHECK
Note, list only displays those CHECK members that are also members of CREST. The NCSC’s IT Health Check Service, or CHECK, was developed to enhance the availability and quality of services provided to Government and the wider public sector. CHECK services identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. The NCSC and CREST work in collaboration to provide a set of examinations that are acceptable to industry and meet the requirements of private and public sectors. All CHECK Team Leaders and Members have passed an approved professional examination, such as a CREST examination, that is designed to test for a basic grounding in the discipline; companies belonging to CHECK are measured against high standards set by the NCSC.
-
CIR (NCSC)
-
GBEST Penetration Testing
Based on the CBEST model, GBEST is a UK Government intelligence-led security testing and cyber resiliency programme co-ordinated by the Cabinet Office. See https://crest-approved.org/gbest/index.html
-
GBEST Threat Intelligence
Based on the CBEST model, GBEST is a UK Government intelligence-led security testing and cyber resiliency programme co-ordinated by the Cabinet Office. See https://crest-approved.org/gbest/index.html
-
STAR-FS Intelligence-Led Penetration Testing
A framework for intelligence-led penetration testing of the financial sector that mimics the actions of cyber threat actors’ intent on compromising an organisation’s important business services and the technology assets and people supporting those services. It is used by Regulators to ensure the same rigour whilst reducing their role in its delivery. https://www.crest-approved.org/what-is-star-fs/index.html
-
STAR-FS Threat Intelligence
Utilises commercially available threat intelligence services in order to define realistic and current threat scenarios that will be utilised by the penetration testing teams to replicate real world attacks to operational systems. https://www.crest-approved.org/what-is-star-fs/index.html
-
TBEST (UK)
TBEST is managed by OFCOM who assist the Government with its telecoms supply chain review ensuring networks remain resilient. TBEST, part of a Security and Resilience Assurance Scheme, is a threat intelligence-led penetration testing scheme based on the techniques known to be used by cyber criminals and hostile nation states that assesses how well a company can withstand a concerted attack which will help to identify security and operational resilience. DCMS have so far completed two pilots.
-
TIBER EU (Europe)
The framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) enables European and national authorities to work with financial infrastructures and institutions to put in place a programme to test and improve their resilience against sophisticated cyber attacks. TIBER- delivers a controlled, bespoke, intelligence-led red team test of entities’ critical live production systems. Intelligence-led red team tests mimic the tactics, techniques and procedures of real-life threat actors who, based on threat intelligence, are perceived as posing a genuine threat to entities. The test involves the use of a variety of techniques to simulate an attack on an entity’s critical functions and underlying systems. See https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html
-
iCAST (Hong Kong)
iCAST is a framework introduced by the Hong Kong Monetary Authority (“HKMA”) in response to the changing cybersecurity landscape. Under the HKMA Cyber Resilience Assessment Framework, banks which aim to attain the “intermediate” or “advanced” maturity level are required to conduct iCAST. See https://www.crest-approved.org/icast/index.html
Non-Accredited Services
-
Security Architecture
Technical Security Architecture represents a comprehensive and rigorous method for describing a current and/or future information security structure and behaviour for an organisation’s security processes, information security systems, personnel and organisational sub-units to ensure alignment with core goals and strategic direction. Design principles are reported clearly with detailed security control specifications documented separately. This is not a service currently accredited by CREST.
Regions
-
Global
Members that subscribe to all regions
-
Africa
Members that subscribe to the Africa region
-
The Americas
Members that subscribe to the Americas region
-
Asia
Members that subscribe to the Asia region
-
Australasia
Members that subscribe to the Australasia region
-
Europe
Members that subscribe to the Europe region
-
Middle East
Members that subscribe to the Middle East region
Countries
Countries
Search member companies that have offices in the countries listed.