Overview

Organizations are increasingly dependent upon their information systems and data for day-to-day functions. Sarbanes-Oxley, PCI DSS, HMG and industry-specific governance demand assurance that information assets are appropriately protected. Mandalorian's security assessment services provide high quality technical assurance services with a refreshing business-focused approach to reporting. Covering everything from regular infrastructure tests to full-scale reviews of core business systems, Mandalorian's team have the skills and experience to provide you with a jargon-free review of your security posture.

Mandalorian's penetration testing services focus on remediation and are written in Business English, designed to be understood from boardroom to basement. Reports are tailored to client requirements and threats are qualified to a standardised manner. A Mandalorian penetration test provides a thoroughly qualified view of threats and weaknesses affecting the target of evaluation.

In addition to a final report, all Mandalorian penetration tests come with technical findings, graphs and screenshots in formats for internal remediation tracking purposes.

Why Penetration Test?

There are many reasons to conduct penetration testing both internally and externally. Penetration testing is often used by businesses as part of a wider assurance process and the results are normally combined with a risk assessment in order to determine whether a given project should receive accreditation or sign-off from information security stakeholders. Penetration testing is also used to demonstrate compliance with legislation, including (but not limited to):

1. PCI DSS
2. Sarbanes-Oxley
3. HIPAA
4. ISO 27001
5. Other national government requirements
6. Internal audit requirements

Benefits

Penetration Testing provides organisations with a snapshot in time of their actual security exposure. Penetration testing acts as a litmus test of the effectiveness of a system or application's information security controls and is an essential part of best practice information security management. Other benefits of penetration testing include:

1. Obtain detailed information on real-world security threats to distinguish between critical, less critical threats and false positives.
2. Define and implement appropriate measures to prevent security breaches, reduce downtime and recovery costs associated with security incidents.
3. Demonstrate to third-parties that Information Security is taken seriously.
4. Build business cases for further investment in a given area.
5. Highlight shortfalls in information security management.
6. Identify otherwise unnoticed regulatory exposures.

Deliverables

The primary deliverable for any penetration testing exercise is a final report, containing an executive summary section written in Business English, designed to be understood from boardroom to basement and a technical section developed with a remediation focus in mind. Reports are tailored to client requirements and threats are qualified according to documented rating mechanisms. This ensures that each finding's threat ratings are thought out and well-defined.

Mandalorian's reports are also designed to integrate into internal risk assessment and management practices as much as possible. Mandalorian can provide technical findings, graphs, screenshots and even report text separately for internal remediation tracking purposes upon request.

In addition to reports, Mandalorian consultants are also available during and after the penetration test to discuss findings or the report. Formal wash-up meetings and workshops can be arranged to maximise the value gained from an individual penetration test.

Further Information

To discuss your Penetration Testing requirement with a Mandalorian advisor, please fill in the form below.