Securing business data

Competition Commission - Penetration Testing

Case Study: The Competition & Markets Authority

The CMA (formerly Competition Commission (CC)) had a need to confirm that their corporate network and systems supporting business critical communications were secure from an external & internal perspective. This was in line with maintaining their GSI connection.

The Project

CNS proposed a multi-phased penetration test that included an external testing from the internet on an agreed range of hosts and a time limited, risk based internal penetration test.

CNS also undertook an external security assessment from the GSI to satisfy GSI & ISO 27001 Best Practice recommendations. The mixture of assessment activities offered CC a balanced mix of privileged and unprivileged testing which stringently enumerated all vulnerabilities on the network from a best practice perspective.

By choosing CNS’ security assessment services, CC benefited from a CESG accredited test against their externally & internally facing network infrastructure.

“In the twelve months I have been working with CNS, I have found their technical competence, reliability & account management to be of an excellent standard. This, as with all CNS projects, was delivered to time, budget & stated objectives.

I have therefore no hesitation in recommencing CNS’s services to other interested parties and I look forward to continuing my successful business partnership with CNS in the future”.  

Information Security Officer, Competition Commission

Public Perception

Competition Commission, like any public sector organisation, has to consider carefully how it spends taxpayer’s money and CNS were able to bring the project in on time and to budget.

The Results

CNS enumerated a number of high level vulnerabilities and a comprehensive roadmap to securing those vulnerabilities as well as offering future guidance on best practice was produced for CC, which in turn allowed for an improved level of security practice from both an external & internal viewpoint.

Furthermore, CNS’ security assessment services have allowed CC to demonstrate to the GSI (Government Secure Intranet) that a prudent level of risk management towards data management has been followed. CC have subsequently re-certified their GSI connection following assistance from Convergent on the above security assessment projects.

Get in touch

Talk to our experts today
call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere