Client
For over four years, Prism Infosec has supported The National Lottery Community Fund by delivering a wide range of security testing services as part of its ongoing assurance programme for both its legacy IT estate and newly deployed infrastructure and services.
Challenge
The client required a comprehensive and ongoing approach to IT security testing across a diverse and evolving technology landscape. This included securing both on-premise and cloud infrastructure, protecting critical web applications and APIs, evaluating physical and wireless network access, and defending against social engineering and advanced simulated attacks. The client also needed flexibility to request ad-hoc testing and support as new risks or projects emerged.
Solution
Prism Infosec delivered an extensive suite of security assessments tailored to the client’s needs. This included annual IT Health Checks of on-premise and Azure infrastructure, web application testing across platforms such as SharePoint and WordPress, Wi-Fi assessments, configuration reviews of desktops and servers, and detailed testing of external attack surfaces. Red team exercises were also conducted, simulating real-world attack scenarios to test the organisation’s physical and digital resilience. These involved background intelligence gathering, cloning access passes, tailgating into facilities, and social engineering via email and phone. All testing was supported by flexible call-off arrangements to accommodate evolving security priorities.
Results
The ongoing engagement resulted in consistently successful delivery and high client satisfaction. Prism Infosec not only identified and reported on vulnerabilities across the environment but also provided actionable remediation advice and strategic guidance. The relationship has continued to grow, with the client further engaging Prism Infosec to assist with vulnerability management and to support the implementation of Network Access Control (NAC) across the organisation.