Text Size

  • Increase
  • Decrease
  • Normal

Current Size: 100%

Penetration Testing

Department: 
National Information Assurance
Reference Code: 
CS-GA-03
Target Audience: 
Government agencies
Objective: 
Maintain resiliency in government agencies by evaluating the security posture in information systems.
Description: 

As a trusted partner, Q-CERT will provide penetration testing for government agencies based on Q-CERT engagement policy.

This service will examine information systems in order to determine the security issues including improper system configuration, software or hardware vulnerabilities, security weakness or Laws and web application weaknesses. This exercise will include attempts to compromise systems and exploit vulnerabilities from an attacker’s perspective. It will assist organizations to evaluate their actual security status. Q-CERT will provide technical recommendations and advisories based on the assessment, where applying them would be under the organization’s responsibilities.

Requirements: 
Signing Non-Disclosure Agreement (NDA)• Official approval from Government agency’s management is a mandatory to start executing this service• Government Agency shall understand and accept the risks and business impacts that might be incurred during this exercise. This information will be shared with the agency prior the execution of this service
Deliverables: 
Security assessment reports: executive (for executive managers) and technical (for IT administrators). Reports include findings and recommendations. Follow-up activities to assist implementing the recommendations and mitigating the risks.