An IT Health Check (also known as an ITHC or pentest) is an authorised simulated attack on a computer system, network or web application to identify vulnerabilities that could be exploited. Testing should be conducted both from outside the organisation (external testing) and from inside the organisation (internal testing).
The vulnerabilities identified are reported back to the system owner along with mitigation recommendations.
An ITHC can also be used to test an organisation’s compliance with security policies, the security awareness of its staff and how effectively it can respond to security threats.
What are the benefits of an I.T. Health Check?
An IT Health Check can assure you that the systems and security controls tested have been configured in line with security best practice and that there are no common or publicly known vulnerabilities in the target system at the time of the test. If vulnerabilities are found, they can be rectified before an attack or security breach occurs.
An I.T. Health Check will enable you to:
- Manage vulnerabilities
- Avoid extra cost and reputation damage from a security breach
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure
We appreciate that every business is different and that the complexity of I.T. systems varies tremendously, so we tailor bespoke tests for each company.
If you would like a NO OBLIGATION quote, please contact us to discuss your requirements.
How often should I conduct an I.T. Health Check?
It is recommended that external and internal penetration testing be conducted annually, as cyber threats are constantly evolving.
If major changes are made to the infrastructure or new applications are developed, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
What is included in the I.T. Health Check Report?
We supply a full IT Health Check report, which covers the following:
- Executive management summary – Non-technical overview of issues for management board level
- Detailed technical findings – A complete list of all issues identified
- Affected Hosts – A list of all hosts affected, including the associated network port
- Risk Level – Impact, likelihood and overall risk ratings are listed for each issue
- Examples – Output or screenshots to demonstrate the issue
- Recommendations – Details of how to remediate the issues, including references to any documents that can assist