Prism Infosec Transition to the IASME Cyber Essentials Certification Scheme

Today marks the official launch of The IASME Consortium becoming the National Cyber Security Centre’s Cyber Essentials Partner. IASME’s Chief Executive, Dr Emma Philpott, MBE, said, “We welcome the prospect of continuing to work in partnership with NCSC and the fantastic array of expert Certification Bodies in our assessment network to further develop and grow the Cyber Essentials scheme.”

Prism Infosec is delighted to have transitioned to the new scheme and can continue to offer Cyber Essentials and Cyber Essentials Plus certification to new and existing clients.

For further details see our Cyber Essentials (including online ordering) and Cyber Essentials Plus service pages or call us on +44 (0) 1242 652100.

Coronavirus Update

Prism Infosec would like to provide an update to our clients on our continued capacity to deliver cyber security services. Information security responsibilities should not stop in the event of a pandemic; indeed, there is clear evidence of cybercriminals looking to exploit this further (see: https://www.ncsc.gov.uk/news/cyber-experts-step-criminals-exploit-coronavirus).

Our ISO27001:2013 Information Security Management System makes full provision for business continuity planning, which focusses primarily on asking our consultants to work from home in the event that we must close our offices. All consultants can access our testing servers and data securely in the same manner as if working from one of our offices.  

Clearly, we offer a mix of remote testing and consulting services which we envisage will not be affected by the Coronavirus, as we have enough resource internally, whilst being geographically diverse, to be able to deliver these services. As such, we believe it is unlikely that all of our consultants will become affected at the same time – particularly given we have closed our offices.

There are a number of services that we offer that usually require our consultants to come onto site; however, given the unprecedented situation, these can be delivered in other ways to ensure continuity of testing:

· Internal Penetration Testing – Prism Infosec can conduct this over a client VPN, or ship a small appliance to a client premises to allow us to gain access either via the client’s Internet channel or a separate communications mechanism.

· Internal Consulting – this can be delivered using video conferencing and screen sharing using any collaboration tools that are supported by our clients.

· Cyber Essentials Plus – IASME has published the following guidance: there is no change to the existing requirements. Assessors are already not obliged to visit client offices if the client can give the assessor suitable remote access to carry out the tests. This would likely involve VPN access and remote desktop access to carry out the internal tests. If you use this method, there is no need to notify IASME about the remote audit.

· PCI QSA / SAQ Support – the PCI Security Standards Council (PCI SSC) has published guidance on the issue of remote audits during this time – for further details see: https://blog.pcisecuritystandards.org/remote-assessments-and-the-coronavirus

Prism Infosec is fully committed to protecting customers, employees and the public as a whole and, as such, will be complying with guidance and restrictions announced by the government, which may involve late changes.

If we can help further, or you’d like to discuss any specific concerns regarding service delivery or indeed maintaining cyber security during the pandemic, please don’t hesitate to get in touch with the team at Prism Infosec.

Prism Infosec Wins Award for Excellence at PCI London 2020!

Prism Infosec is delighted to announce that it was presented with a PCI Award for Technical Excellence at the PCI London 2020 conference on the 23rd January 2020. The award was in recognition of the delivery of an advanced red teaming approach to meeting PCI requirements for technical assurance. 

The review panel felt that Prism Infosec’s case study was an outstanding example of best practice, which we believe highlights our innovative approach and the end-to-end quality of our testing and consulting engagements.

The full case study can be downloaded from our website by clicking here.

An abridged case study service sheet can be downloaded from here.

If you would like to speak with a member of our team to learn more about how Prism Infosec can help your organisation, or to book a similar engagement, please email contact@prisminfosec.com or call +44 (0) 1242 652 100.

Prism Infosec Sponsors PCI London 2020 Conference

Prism Infosec is proud to announce that we will be one of the headline sponsors of the PCI London 2020 conference on the 23rd January 2020. We look forward to meeting all of the attendees; if you’re going, be sure to visit our stand to learn more about our PCI services.

The 20th PCI London will look at the latest in the processes and technologies used to protect payment and personal data. There will be real-life case studies, strategic talks and technical break-out sessions from PCI DSS and compliance teams behind some of the world’s most admired brands, who know, just like you, that payment security is now more important to business than ever.

University Cyber Security Health Check Service

The BBC reported recently that University defences across the United Kingdom are straightforward to breach within a relatively short period of time.

Prism Infosec has launched a focussed cyber security health check service to provide an initial view of the risk and identify immediate vulnerabilities and weaknesses that could be used to compromise key data.

See our service page for further information and contact us now for a quote.

eCommerce Risk Assessment Service Launch

Concerned that your organisation’s eCommerce channel may be susceptible to attack? Procure a short risk assessment from us to get an initial view of whether your site may be vulnerable to attacks similar to those against a well-known British airline. Click here for more details and to contact us for an initial no-obligation quote!

CREST Corporate Membership

Prism Infosec has been delivering security testing services for over 10 years and we are delighted to announce that we have now become a CREST member company.

Following an extensive review of our approach to engaging with customers and how we deliver penetration tests, the CREST assessors awarded us corporate membership on June 6th 2017.

Our certification underpins our commitment to the delivery of quality cyber security assessments and provides our clients with the necessary assurance that they are engaging with a suitably certified delivery partner.

Cyber Essentials and Cyber Essentials Plus Certifying Body

Prism Infosec is now a Cyber Essentials and Cyber Essentials Plus certifying body with CREST and can provide review services and certification of our clients to this UK Government cyber security standard.

Whilst providing a basic but essential level of protection, the Cyber Essentials scheme enables organisations to ensure that they have in place a baseline level of protection against common threats from the Internet.

Prism Infosec can now support its clients with ensuring readiness toward certification as well as conducting the review of the self-assessment questionnaire and issuing the certificate upon reaching the necessary standard.

Cyber Essentials Plus provides a more rigorous certification: verification of your company’s level of cyber security is carried out independently by Prism Infosec as a certifying body.