SRM Solutions
The SRM Blog

Penetration Testing

Pen testing: putting a price on peace of mind

When it comes to securing appropriate budgets for pen testing, the key thing is not cost, but value. Yet there is sometimes an uncomfortable dichotomy between what people want..

What is a vulnerability assessment and how should you use it?

If your business is a house, with all that you hold precious contained inside it, then a vulnerability assessment is the regular checking of doors and windows to ensure..

It’s not a Dark Art: how we demystify cyber security

It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..

Pen testing: why businesses need to be proactive not reactive ahead of the peak retail period

A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..

Schools are being targeted by cyber criminals: 6 ways to shore up online defences

In 2017 the Independent Schools’ Bursars Association (ISBA), which supports over 1,000 senior management staff in schools, stated that cyberattacks in schools can no longer be considered ‘isolated incidents’...

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..

Pen testing: seeing both the wood and the trees

If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..

The Industrial Revolution v4.1: with increased opportunity comes increased vulnerability

If history teaches us one thing it is that there is no going back. It started with the First Industrial Revolution which used water and steam power to mechanise..

The A to E of cyber maturity

In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading..

Three stages to building a robust defence against external threats

The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..

Cyber resilience: it’s a board level issue

The problem with cyber resilience is in the name. When it comes to managing the risk posed by potential hackers and the requirement for robust testing and defence protocols,..

How attack is the best form of defence when it comes to protecting against the rising trend in phishing and social engineering attacks

The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..

Penetration testing: man vs machine

We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..

The NIS Directive: who does it apply to and what will it mean?

May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..

Free live webinar: GDPR – the roles of manual and automated penetration testing

15:00 – 15:45 Thursday 8th March 2018 Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..

Penetration testing: if prevention is to be an achievable goal we cannot rely on static defences

SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..

What is Red Team engagement?

By Andrew Linn, Principal Consultant The news this year has been full of high profile hacks on large organisations. These have included viral and ransomware attacks which have brought..

GoT2: What the Game of Thrones HBO ransom reveals about White Hat Hackers

As Game of Thrones fans watch the unfolding drama in Westeros on their TV screens, corporations around the world are equally riveted by the now public battle for HBO’s..

Game of Thrones: data theft and pen testing

‘Hi to all mankind’. Thus began the email sent to journalists by hackers who have reportedly stolen 1.5TB of files and videos from entertainment giant HBO. What has made..

Calling in the Red Team: going above and beyond the vulnerability scan and penetration test

By Kane Cutler In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters..

What is the difference between a penetration test and a vulnerability scan?

Penetration testing and vulnerability scanning are sometimes confused. After all, they sound as if they might do a similar job. But there are important differences. Also known as..

Grey Monday and the importance of the penetration test

How a correctly-scoped penetration test will future-proof your organisation from real world cyber attacks. In the aftermath of Black Friday comes Grey Monday. The day of reckoning. Because although..

What are the common failure points of repeat info-security assessments?

Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..

The Emerging Market of Cyber-crime as a Service

One of the greatest misconceptions about cyber-crime is that you need to be a computer geek to be a cyber-criminal. The truth is the cyber-crime industry is starting to..

The penetration test – a test of faith?

By Kane Cutler, PCI QSA, Tiger QSTM, CEH Although statistics show that skydiving is a relatively safe pastime, things do sometimes go wrong. Since 2004 653 people have lost..