London, UK – 24 April, 2013 – Digital Assurance, the independent security assessment and information assurance consultancy, today announced the launch of its Managing Security Tests Training Course which aims to inform and enable personnel to extract more value from security tests. The Managing Security Tests Training Course equips staff who have a responsibility for buying, planning or supporting security tests with the knowledge and understanding necessary to gain the most effective use from externally sourced security testing. The one-day course explains the rationale for security testing, how to identify applicable services and providers from the market place, and how to effectively deal with the output of security assessments and tests. Using these skillsets, attendees will learn how to leverage maximum benefit from security investment while minimising risk.
The Managed Security Tests Training Course is delivered by experienced security testing professionals adept at working in a wide range of commercial and public sector environments. Aimed at senior IT and security personnel, such as security managers, security and risk analysts, project managers and PC QSA and CESG CLAS consultants, the course provides the basis to critically select, assess and interpret security testing services. Following the course attendees will gain a broader understanding of:
- Flavours of testing – an appreciation of the differences between the various types of penetration and security testing including infrastructure testing, application testing, black/white box testing, code reviews etc
- Market overview – a summary of the security testing market place including the providers of services and products that can be used to fulfil security tests
- Vendor selection – the knowledge and tools to select vendors and products that best fulfill the organisations security testing requirements
- Stakeholder involvement – be able to effectively engage stake-holders in the scoping and pre-planning stages to ensure that all security requirements are appropriately incorporated into the security testing plan
- Appliance of compliance - Understand and be able to incorporate specific security testing requirements to the HM Government CESG CHECK scheme, GCSX code of connection and Payment Card Industry (PCI) security testing amongst others
- Independent testing - Be able to plan and execute security testing projects effectively and safely
- Management of findings – have the knowledge and tools to effectively interpret and manage the findings that may arise from security testing and to develop remediation plans that address identified risks in an effective way.
“As a vendor-neutral consultancy, we’re often asked for advice and guidance on everything from selection criteria to how to evaluate test reports, so we decided to develop the Managing Security Tests Training Course in response to that demand. Training really is the only way to increase awareness in the marketplace and we hope that by imparting some of our knowledge we can help to demystify the security process and promote best practice,” says Greg Jones, Director, Digital Assurance. “The Managing Security Tests Training Course provides those responsible for selecting security solutions with the information necessary to make an informed decision. The IT or security professional can use the skills we impart to choose the right supplier for the job. But the course also goes much further, helping them assess, interpret and even execute those tests to get the maximum value from their investment, all for just a day of their time.”
The Managing Security Tests Training Course can be hosted at either the Digital Assurance offices in central London or on site. Attendees are provided with documentation including a guide summarising security testing approaches and methodologies and are able to take away document samples such as a statement of requirements, security testing plans and terms of reference for vendors to complete, and remediation plans and tracking spreadsheets. Further information can be seen at: http://www.digitalassurance.com/services/security-training/how-to-scope
For more information on course scheduling and availability please contact Digital Assurance Consulting Limited, exhibiting at stand L60 at Infosecurity Europe 2013, the No. 1 industry event in Europe from 23rd – 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
About Digital Assurance
Digital Assurance is an independent vendor-neutral security consultancy founded in 2006 by experienced security professionals to bring comprehensive, effective and flexible information security services to market. We develop and deliver a range of security testing, information assurance, and security training products and services to reduce the cost and complexity of mandatory and regulatory compliance for clients ranging from large bluechip multinationals through to government agencies. Our consultants are security cleared and CREST or CHECK accredited, equipping them to tackle the most technically challenging and demanding of security projects. Plus we take an active role in the security community, conducting research on emerging technologies, exposing vulnerabilities and developing the security tools necessary to combat these threats. To find out more, please go to www.digitalassurance.com or follow us on Twitter @da_security.