What is CREST?
The Council of Registered Ethical Security Testers (CREST) accredits and certifies organisations and individuals who provide Informational Technology (IT) security services such as penetration testing, cyber incident response, threat intelligence and Security Operations Centre (SOC) services.
Established in the United Kingdom (UK) in 2006, CREST has since grown to become an international not-for-profit association that regulates and supports the cybersecurity market in the UK, Australia, Hong Kong, Singapore and the USA, providing benchmarks for the industry globally.
Why is it important to engage CREST approved companies in Hong Kong?
CREST certifies that cybersecurity service providers, like Nettitude, have the capability to accurately assess your company’s web applications, networks and other IT infrastructure and how well they are protected against cyber threats.
All CREST member companies have their business policies, processes, procedures and information security testing methodologies stringently assessed. This is to ensure that companies with the CREST accreditation can competently provide accurate IT security assessments to organisations in Hong Kong seeking cyber protection.
All CREST qualified individuals sit for professional level examinations that test their knowledge and skills.
What types of tests do CREST approved companies have to pass?
When companies apply to be a CREST accredited company in Hong Kong, they are required to submit several documents that rigorously assess the quality of their structure, processes and methodologies to carry out tests such as Vulnerability Assessment and Penetration Testing (VAPT) and cybersecurity Incident Response. They provide information of their company’s details, Human Resource (HR) management, and procedures for the handling of contracts and complaints.
Companies need to have the proper organisation in place, to facilitate requests and support the needs of clients throughout the lifecycle of onboarding, understanding the scope of the task, executing and final reviewing. It would require competent individuals with strong language capabilities and the ability to intuitively understand the clients they deal with.
To further enforce a high degree of accountability, all CREST member companies sign a code of conduct document which legally binds them, ensuring they adhere to a code of ethics, only submitting documents that are accurate.
Nettitude is a CREST approved company and an active member of CREST and our security team consists of CREST Certified Infrastructure Testers (CCT Inf), CREST Certified Web Application Testers (CCT App) and CREST Registered Testers (CRT).
When looking to protect your company’s networks, you want to be assured that you are engaging the services of a credible security company that has rigorous checks in place. Without internationally recognised certification, it is hard to determine whether an IT company has the appropriate knowledge, skills and experience required to provide the right services and solutions for your business.
Nettitude engages a credible third party body like CREST so rest assured that our services, products and professional team meet high standards.
Frequently Asked Questions about CREST
What types of tests do CREST Certified Professionals have to pass?
CREST Certified Professionals sit for examinations that are industry recognised, testing their skill, knowledge and competence. They also should have accumulated about five years of experience (equivalent to ten thousand hours). Through their knowledge and experience, they have the expertise to run full testing programmes, leading other security professionals and fully supporting a client’s needs.
Do CREST qualifications expire?
To ensure quality and those high standards are always maintained, CREST members have to re-submit their entry every year and a full reassessment every three years. All CREST qualified professionals have to also sit for their examinations every three years.
What different disciplines does CREST provide accreditation for?
CREST provides accreditation for Penetration Testing, STAR (Simulated Targeted Attack and Response) Intelligence-Led Penetration Testing, cybersecurity Incident Response, STAR Threat Intelligence, Security Operation Centre (SOC) and Vulnerability Assessment.
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. Nettitude follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
Get a free quote