STRATEGIC CORPORATE RESILIENCE
Vulnerability testing is critical to your Strategic Corporate Data Resilience & Governance Planning. Data is the new cash, and bad actors will use every vulnerability to compromise the data you hold or manipulate and exploit compromised data within your systems. Allow us to help you stay ahead of criminal activity and protect your clients data and your organisation.
By combining multiple perspectives, integrated teams become more than a sum of the parts. This goes for penetration testing, red teaming and human hacking. WFF’s testing examines your organisation, products, processes and customers through the eyes of a criminal. We identify key vulnerabilities, revealing the attack vectors bad actors will use to damage your organisation. Whilst AJC offers solutions and governance that ensure any vulnerabilities are managed and your organisation stays protected.
Your organisation is best placed to identify strategic areas for concern that you wish us to address. At the start of the test period, an initial strategic planning meeting will offer the opportunity to raise any specific areas for concern that have yet to be discussed. It will also set the parameters for the test.
OVERSIGHT & COMPLIANCE
At the start of this test, we ask that you assign a
designated officer to communicate with us about
the project as a single point of contact. Our testing
then takes a staged approach.
Stage 1 is the planning stage where we work with
you to target the areas of business you are most
concerned about. Here we set the parameters of the
test. This may be setting an objective to be achieved
or setting time constraints on the testing team.
Stage 2 is where we go into testing the people,
processes, products or procedures defined in stage
1. We will attempt a number of attack vectors
including digital and cyber attack, physical and
social engineering (where appropriate).
Stage 3 is where the governance team takes over,
providing a full report both written and audio
visually to your organisation (usually the single point
of contact and the c-suite). Options for remediation
are presented here in an easy to understand report
that highlights examples of good practice as well as
key priorities for improvement in order to build your
corporate resilience.
Using this approach, testing can be paused if
necessary, when vulnerabilities are found and
communicated to your designated officer. This
allows all our testing to be responsive to not only
identifying criminal opportunities but also the needs
of your organisation in deciding how to respond to
any vulnerabilities found.
REPORTING
At the end of the test you will receive a full report for the project, which will include the method of testing, the attack vectors identified, and our recommendations for reducing, managing, or eliminating the vulnerabilities detected. This report is presented as a written dossier and a presentation that includes audio/visual evidence directly from testing with detailed, at a glance, risk-scores.
MITIGATION
Engagements can either be bespoke or formulaic (based on regulation/standards), driven by the customer demand.
Typical engagements include:
- Strategy review
- AML/Fraud
- VISA GARS Review
- VISA Merchant Risk Review
- Cyber/information security
- SWIFT CSP Audit
- Policy frameworks
- Business continuity
- Risk management
- Data protection
- BREXIT
- International standards
- Vendor management frameworks
- Assurance reviews
- Training
- Data Protection Officer
- Chief Information Security Officer
AJC are on a number of approved third party and auditor lists, including those maintained by VISA and SWIFT. They are the chosen partner of Bottomline for the delivery of independent SWIFT CSP Audits.
We Fight Fraud and AJC work together before, during and after any testing to ensure that your organisation is protected from any vulnerabilities found.
YOUR INVESTMENT
There are two different options available when commissioning vulnerability testing. When you have an idea of a specific area of your business that you want to test, or if you would like a general overview of your organisation then we can work with you to create a one-time vulnerability test to address these specific issues. Testing in this way is costed to match the needs of the test given in a brief by your organisation.
Often, businesses need to examine a range of areas, or would prefer to test over a longer period of time. For this, we offer a vulnerability testing relationship (retainer) that can be utilised by your organisation to examine existing vulnerabilities or areas for concern, or alternatively be used to help strength test new products or services during development and/or launch.