PORTCULLIS SUPPORTS NEW CBEST FRAMEWORK: INFORMATION SECURITY SPECIALIST ASSISTS IN DEVELOPMENT OF PENETRATION TESTING STANDARD FOR FINANCIAL SERVICES INDUSTRY

Top Stories news and analysis from Global Banking & Finance Review

Published by Gbaf News

Posted on June 19, 2014


Portcullis Collaboration with CREST and CBEST

Portcullis Computer Security, an information security specialist, has assisted CREST (the not-for-profit organisation that represents and certifies the technical information security industry), the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority in developing the new CBEST penetration testing standard.

The standard was created to address the security testing requirements of firms that need more than traditional assurance services can deliver, and to improve and test resilience against increasingly sophisticated threats and attackers. As such, CBEST currently represents the top tier of services within the penetration testing industry, sitting above the standard CHECK and CREST services.

CREST STAR Certification Requirements

Security specialists and testing organisations must achieve the new CREST Simulated Target Attack & Response (STAR) certification in order to deliver services to the CBEST standard. As an organisation certified under the new CREST STAR, Portcullis is amongst the first that can undertake CBEST tests for its clients.


Advantages of the CBEST Testing Framework

“One of the key features of the framework is an agreed approach to testing high value systems,” says Tim Anderson, commercial director, Portcullis. “Historically, the fear of downtime made it challenging to test key systems, which is counterproductive because these systems are considered key for a reason and therefore likely to be targeted. There has also been a move to break the constraints of typical assurance projects, which were often focused around particular systems rather than particular threats.

“By taking a more threat-centric approach and reviewing the same systems that would be involved in a real-world attack, including high value systems, it is possible for organisations to get a better understanding of their current security posture in relation to sophisticated, persistent attacks.”

Intelligence-Driven Penetration Testing

To help shape the test scopes, testers have access to an intelligence feed that provides commentary on the nature of the latest attacks, so that the testing can closely mimic the live threat situation.

Broader Application and Industry Benefits

While the scheme has been created primarily for the benefit of financial services companies, which have traditionally been among the most targeted sectors, the same principles can be applied to tests in any sector.

“Standardisation of this type of testing is excellent for the industry and underlines the approach that Portcullis has been using over the last few years. We have been working with clients to overcome the limitations of a traditional approach to information assurance by using threat intelligence in order to focus on risk and subsequently prioritising those systems most likely to be targeted. In terms of the testing itself, taking a more scenario-based approach has allowed Portcullis to evaluate real-world exposures across a range of interconnected systems rather than just reviewing systems in isolation,” concludes Anderson.

Key Takeaways

  • Portcullis helped develop the CBEST penetration testing standard in collaboration with CREST, Bank of England, HM Treasury and FCA.
  • CBEST is an intelligence-led, threat‑centric framework designed to test financial institutions’ resilience beyond traditional assurance services.
  • Portcullis is among the first organisations certified under CREST’s new Simulated Target Attack Response (STAR) to deliver CBEST testing.
  • The framework uses real‑time threat intelligence to mimic sophisticated attacker scenarios for high‑value systems.

Frequently Asked Questions

What is the CBEST framework?
CBEST is an intelligence‑led, threat‑centric penetration testing framework developed by CREST, the Bank of England, HM Treasury and FCA to assess cyber resilience in financial services.
What is CREST STAR certification?
CREST STAR (Simulated Target Attack Response) is a new certification standard under CREST, required to deliver CBEST‑level penetration testing.
Why is CBEST considered more rigorous than traditional testing?
Because it uses real threat intelligence to simulate sophisticated, persistent attacker scenarios against high‑value systems, rather than focusing on isolated systems or generic assurance services.
