Aftercare

At RM Information Security we understand that the true value of penetration testing is not realised until the pentest is complete and the triage / remediation begins. This is where our experience and communication skills play a vital role in supporting your business to implement improvements. Some of the ways we help are:

Consultation

Our consultation service is designed specifically to help you, in any way that we can to understand the findings and implement appropriate fixes after penetration testing. 

  • This can be with a variety of audiences depending on who needs to be involved to make the fixes happen, including management, technical teams, suppliers, vendors etc.
  • We can communicate by any preferred method such as calls, screen sharing, email etc. 
  • A separate benefit of post-test dialogue is that we often see this grow into ongoing knowledge sharing and support for technical teams and developers who will typically use us as a sounding board for potential fixes they are looking to deploy. 

Debrief

Onsite penetration testing debriefs can be delivered to include presentations and dialogue with a variety of stakeholders, such as:

  • Directors – Typically we find that directors are looking for a high level summary of the state of their systems with specific interest in the potential impacts and costs involved in remediation. A presentation is typically short (20 minutes) with the opportunity to go into more details or answer questions afterwards. The presentations consist of introduction, background, how we delivered the project, summary view of the state of your systems and questions. If more details are required, we can talk specifically about the details of the vulnerabilities identified and what our ongoing recommendations are.
  • Technical management – Typically this audience is looking to develop a project plan to remediate the pentest findings. This is often a process of accepting the findings and tackling them systematically in order of risk. Our presentation will focus on the classes of vulnerability identified, the technical impacts, what is required to remediate and who should be tasked.  
  • Technical team debrief – These sessions are typically with the people or groups who have been tasked with remediating the findings. The presentation will be interactive and will consist of a practical walk through of each of the findings, confirmation of understanding and the opportunity to discuss in more details. 

Trusted Advisor

Once the testing is complete and the remedial actions have been dealt with, business as usual resumes. We often find at this stage our communication continues and we become more of a trusted advisor that can be approached as a sounding board for a range of topics such as:

  • General security initiatives and ideas 
  • Proposed architecture for new projects
  • Suggested further testing or consultancy projects
  • Changing working practices and policy
  • Developing a roadmap for security improvements

How we work

FOLLOW US

ADDRESS
Peter House
Oxford Street
Manchester
M1 5AN

© RM Information Security Limited 2017.
All rights reserved.

CONTACT
Email: info@rminfosec.co.uk
Phone: +44 (0) 161 209 3939