NEWS
An industry association has been created for ethical hackers, in a bid to reassure buyers of systems and applications that such products have been sufficiently tested.
The Council of Registered Ethical Security Testers (Crest) made its public debut this week at the Infosecurity Europe conference in London. The aim of the council is to standardise ethical penetration testing and provide professional qualifications for the testers.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Crest chair Paul Docherty said: "Penetration testing is a widely accepted method of assuring information security and has become an integral part of many organisations' operational and technology risk management programmes. Yet despite the widespread use of penetration testing, there has historically been a definite lack of agreed commercial standards and practices. We formed Crest with a number of other providers in order to supply a high level of standard to companies who engage with security testers."
Crest's advisory panel includes representatives from insurance group Aviva, Lloyds TSB and the NHS. Aviva's David King said the organisation would "provide an industry standard to allow the purchasing community to have confidence [in the products they are buying]".
Member companies are part of the new Crest trade body, which will govern the Crest professional body that provides for individuals who are not employed by the member companies, in areas such as exams.
Crest is running certification examinations in two streams: infrastructure testing and web-application testing. Testers can either apply for certification at the corporate level, which costs £7,000, or on a standalone level as a "Crest associate", which will cost them £1,600 to sit the exam.
