SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Pentest People achieve Assured Service Provider status for NCSC CIE scheme
Wed, 27th Mar 2024

Pentest People, the UK-based Penetration Testing as a Service (PTaaS) and cybersecurity experts, have announced their status as an Assured Service Provider in the National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme. This newly launched initiative run by the NCSC, through its Delivery Partners CREST and IASME, allows organisations to easily access reliable cybersecurity professionals to scrutinise the resilience of their cyber incident response plans, improving overall incident management processes.

Pentest People is one of the few companies in the UK that received this accreditation. This assures their ability to provide customised, structured cyber incident exercises to UK businesses, charities, government, and public sector organisations. These exercises are designed to test, evaluate, and enhance their cyber incident response plans. As part of this service, they will deliver two types of exercises.

The first is a Table-top exercise. This discussion-based session convenes relevant teams to discuss their roles, responsibilities, anticipated activities, and critical decision points as outlined in the incident response plan. The session, guided by a cyber incident scenario, is facilitated by the CIE Assured Service Provider.

The second is Live-play exercises. In this live role-play exercise, team members perform their designated roles and responsibilities within their everyday working environment, responding to a controlled feed of information that imitates a specific cyber incident scenario. Actions and decisions unfold in real-time, while the pace and timeline of the incident are coordinated by an exercise control function.

These exercises aim to address incidents with the potential for significant operational, financial, or regulatory impact on the affected entity. The scheme incorporates incidents categorised as Category 3, 4, and 5 within the UK's Cyber Attack categorisation system.

Ian Nicholson, Incident Response Head at Pentest People, commented on the recent designation: "At Pentest People, our commitment to safeguarding businesses extends beyond proactive measures. Being recognised as an Assured Service Provider for the NCSC's CIE scheme cements our commitment. Our industry-leading Cyber Security Incident Response Plan (CSIRP) is designed to help businesses through breaches or cyber-attacks efficiently."

"We understand the critical importance of reducing damage and minimising downtime and aim to support organisations with a comprehensive plan and incident response, thereby ensuring swift and effective mitigation for their businesses."

Pentest People, established in 2018, is a UK-based security consultancy dedicated to offering the benefits of Penetration Testing as a Service (PTaaS). This novel approach to security testing combines the benefits of a consultant-led penetration test and vulnerability assurance through a highly advanced SecurePortal. As a result, clients receive continuous threat monitoring benefits throughout the life of the contract rather than at a single point in time.