The ECSC ASSURE division provides a wide range of consultancy and testing services to support your information and cyber security development, certification and ongoing management.
We offer a wide range of security testing services, including:
- Annual external and/or internal penetration testing
- Specific application penetration testing
- Code auditing
- Social engineering testing
If you aren't already certified, then our consultants prepare you for your UKAS/ANAB accredited certification body assessment. If you are already certified, or following a successful certification project, we can help you manage and maintain your Information Security Management System.
Cyber Essentials is a cyber security standard introduced by the UK government that aims to provide organisations of all sizes with basic, cost-effective protection against the most common Internet-based threats.
ECSC is a Certifying Body for the Cyber Essentials programme; this means we can conduct your assessment, report the outcome to the Accreditation Body (CREST), and ultimately, issue the certificate when you pass.
Cyber Security Review
ECSC's Cyber Security Review is designed to assess the key aspects of your IT security related infrastructure, processes and technical management capabilities, and balance these against the cyber threats that are most relevant to your business.
An ECSC Cyber Security review utilised three essential components, all unique to ECSC:
- ECSC Cyber Security Priorities - areas of IT security protection that DIRECTLY impact on your risks of a serious cyber security breach.
- ECSC Cyber Security Matrix - a scoring tool covering your current capability and the risks that your organisation faces.
- ECSC Cyber Security Quadrant - an Executive level reporting system that gives management a clear picture of your current position and enables resource decisions.
As Qualified Security Assessors (QSAs), our role is to:
- Help you understand your Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and options
- Support you through a development programmed to deploy compliant systems (and remove others from scope)
- Assess you against the standard, either as a Merchant reporting to your bank, or as a Service Provider.
We also support clients to compliance following a breach of card data.