Industry:
Housing Association and Support Provider
The Challenge:
To ensure Advance retain a secure environment free from vulnerabilities
The Solution:
Penetration testing conducted by a CREST and CHECK accredited supplier
Benefits:
- Mitigate the risk of data leakage
- Ensure business operations are continued
- Increase cyber-security awareness
- Meet regulatory compliance
- Regular optimisation of security stature
Company Profile
The Challenge
The need for penetration testing has always been required by Advance, their annual security plans are comprehensive and the testing of their environment is a pivotal component. With an organisation like Advance, it is critically important to ensure their sensitive client data is kept safe and secure.
A key requirement of the security plans needed a CHECK and CREST accredited supplier to ensure their security is optimised and in compliance with ISO 27001 and GDPR. Advance needed a penetration tester who could quickly understand their requirement to conduct testing and identify any potential gaps in their armoury.
The Solution
As a partner of over 8 years, MTI understand Advance’s need to be compliant with very stringent security controls to ensure they are managing their data securely. The annual security plans devised by Advance included regular testing conducted by CHECK and CREST certified organisations. MTI was asked to test Advance to identify any potential vulnerabilities across the business including the full internal and external networks.
MTI conducted a full IT health check for Advance in order to meet with the ‘Department of Work and Pensions’ requirements.
The elements tested include:
- External Network Penetration Test
- Internal Network Penetration Test
- OS Hardening/Build Review
- Domain Compromise Test
- Password File Cracking
- Onsite Wireless Test
- Laptop Compromise Assessment
- Remote Social Engineering
- Physical Security Review/Social Engineering Assessment
- Citrix Break-out Test
- Firewall Configuration Review
- Router/Core Switch Review
Results
Through regular testing, Advance has begun to develop a company-wide maturity to security and testing as a whole. The various aspects of the testing like social engineering have had a marked effect on raising awareness on both physical and cyber security for Advance.
Advance has been able to comfortably complete the requirement for Cyber Essentials with progressively less remedial action. Through the partnership with MTI, the specific focus across multiple areas of the business was vital for Advance to ensure they are compliant with GDPR and ISO 27001.
Testing provides foundations for Advance to build action plans for the business to enable the continuous improvement process. In addition, the partnership allows Advance to be more dynamic through Performance, Governance and Quality (PGQ) and tenders for new business, along with opportunities to continually test, optimise and improve their security stature
The whole end-to-end experience from MTI was very efficient. From the Account Management to the Service Delivery, it was just seamless.
Philip Jackson
Head of ICT & Business Systems, Advance Housing & Support Ltd
Why MTI?
Choosing MTI provided Advance with peace of mind. By entrusting the award winning penetration testing team, MTI was able to build a long-term robust testing plan within budget for Advance. MTI took time to understand the business and to understand the unique requirement. Advance found MTI gave them peace of mind whilst providing accurate scope and scale for their needs.
Advance highlighted the full end-to-end service from the account management team, to the testing and through to project management was first class. The outputs from the full penetration testing service provided clear concise reports, as part of the high-level service Advance have come to expect with MTI.
