Penetration testing is an essential phase that provides a snapshot of the target’s security posture at a certain point in time. Because the penetration test’s result will highly depend on the provider and testers performing the assessment, it is crucial to choose the right partner that uses a proven and repeatable methodology, involves skilled and vetted testers, but more importantly, cares about you!
A penetration test performed by the wrong provider and tester may result in data breaches of sensitive information gathered during the assessment, and also can provide a false sense of security, which can lead to a higher negative outcome.
wizlynx group seeks continual improvement through a process of setting objectives, reviewing our systems, identifying corrective and preventative actions, and implementing improvements. That is why we have decided to assess by CREST our Penetration Testing Services and successfully became CREST Accredited Penetration Testing Provider for Hong Kong and Asia Region.
CREST is a non-profit organization that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.
CREST represents the technical information security industry by:
CREST provides organizations wishing to buy penetration testing services, threat intelligence or incident response services with confidence that the work will be carried out by qualified individuals with up to date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers. Furthermore, CREST aims to increase professionalism in the security testing industry’, CREST places requirements on member companies in order to ensure that a consistent standard of testing services are delivered.
A PDF with background information on CREST (International) is available here: What is CREST (International)
CREST professional certifications and service provider accreditations will provide buyers of penetration testing services in Hong Kong with the confidence that the work is being carried out by qualified individuals with up to date knowledge, skills and competence, supported by a professional services company with appropriate policies, processes and procedures. Following the introduction of CREST penetration testing certifications and accreditations in Hong Kong, there are plans to introduce more CREST certifications and accreditations in areas including Incident Response, Malware Analysis and wider Information Security Architecture. Professionals, who are Singapore Citizens and would like to pursue CREST certifications, can apply for Government subsidies to cover a proportion of the costs. Small service providers can apply for Government funding to cover a proportion of the costs to be CREST member companies.
Mr David Koh, Chief Executive of CSA, said, “CSA’s focus is to make Hong Kong’s cyberspace safe for businesses, individuals and the society at large. To do this, we need strong partnerships with multiple stakeholders across the cybersecurity ecosystem. This partnership between CSA, CREST and AISP will raise the professionalism of our penetration testers and help to enhance the security of Hong Kong’s cyberspace. Penetration testing is important to assess our level of cyber security and is an essential service for both large enterprises and SMEs, given the increasing frequency and sophistication of cyber threats. By raising the competency standards of our cyber security professionals, like penetration testers, we will make Singapore’s cyberspace more secure for everyone.”
Excerpt from Cyber Security Agency (CSA) statement on why CREST certifications and accreditation (https://www.csa.gov.sg/news/press-releases/crest)
At wizlynx group, we consider Penetration Testing as extremely sensitive due to the type of information the provider and penetration tester may have access to during an engagement.
Information in any form must be protected from internal and external threats and vulnerabilities, in order to ensure that information confidentiality, integrity and availability is preserved throughout the lifecycle of the information.
That is why wizlynx group has established a penetration testing service policy framework providing our client with the assurance they need that their information are managed with trust, integrity and in compliance with our Code of Conduct. Our care for security but also our assurance of quality provides the customer with the confidence and satisfaction that our service will meet their needs while aiming to exceed their expectations in a secure manner.
Our services also rely on highly skilled security professionals with long-lasting experience in both defence and offense and holding the most recognised certifications in the industry including CREST Registered Penetration Tester (CRT).