Connect with us
Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Top Stories


Portcullis Supports New Cbest Framework Information Security Specialist Assists In Development Of Penetration Testing Standard For Financial Services Industry

Portcullis Computer Security, information security specialist, has assisted CREST, the not-for-profit organisation that represents and certifies the technical information security industry, Bank of England, and Her Majesty’s Treasury and Financial Conduct Authority in developing the new CBEST penetration testing standard.

The standard was created to address the security testing requirements of firms demanding more than could be delivered through traditional assurance services, and to improve and test resilience to the increasingly sophisticated threats and attackers. As such, CBEST currently represents the top tier of services within the penetration testing industry, sitting above the normal CHECK and CREST services.

Security specialists and testing organisations must achieve the new CREST Simulated Target Attack & Response (STAR) certification in order to deliver services to the CBEST standard. As an organisation certified under the new CREST STAR, Portcullis is amongst the first that can undertake CBEST tests for its clients.

Portcullis Supports New Cbest Framework Information Security Specialist Assists In Development Of Penetration Testing Standard For Financial Services Industry

Portcullis Supports New Cbest Framework Information Security Specialist Assists In Development Of Penetration Testing Standard For Financial Services Industry

“One of the key features of the framework is an agreed approach to testing high value systems,” says Tim Anderson, commercial director, Portcullis. “Historically, the fear of downtime made it challenging to test key systems, which is counter productive because these systems are considered key for a reason and therefore likely to be targeted. There has also been a move to break the constraints of typical assurance projects, which were often focused around particular systems rather than particular threats.

“By taking a more threat-centric approach and reviewing the same systems that would be involved in a real-world attack, including high value systems, it is possible for organisations to get a better understanding of their current security posture in relation to sophisticated, persistent attacks.”

To help shape the test scopes, there is access to an intelligence feed which provides a commentary on the nature of the latest attacks, such that the testing can closely mimic the live situation.

While the scheme has been primarily created for the benefit of financial services companies, as they have traditionally been one of the most targeted sectors, these principles can be applied to tests for any sector.

“Standardisation of this type of testing is excellent for the industry and underlines the approach that Portcullis has been using over the last few years. We have been working with clients to overcome the limitations of a traditional approach to information assurance by using threat intelligence in order to focus on risk and subsequently prioritising those systems most likely to be targeted. In terms of the testing itself, taking a more scenario based approach has allowed Portcullis to evaluate real-world exposures across a range of interconnected systems rather than just reviewing systems in isolation,” concludes Anderson.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking and Finance Review, Alpha House, Greater London, SE1 1LB, You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post