Security Testing - It Starts With a Question

When Secora Consulting was going through the recent rebranding process our team took a long hard look at the list of services we offered. We wanted to sort our services into a more coherent structure to make it easier for clients to understand which service would be right for them.

Originally, service lines were technology-centric, which is common in this industry. A customer normally has a need for a particular function of their business to be tested and tends to focus on the technology-specific to a business function, this would lead many clients into thinking they needed a technology-specific test. This was not always the case, we realised when speaking to clients, that many were trying to answer a business question rather than testing a business function.

Using this knowledge, we decided to move away from the typical technology-centric service lines and group our services into categories which answered business questions. We found there are four questions we are asked on a regular basis, we used these questions as the foundations for our new service categories;

1. How secure are we?
2. How far could an attacker get?
3. How do we respond to an attack?
4. How do we recover from an attack?

When we know which question a customer is looking to answer it allows us to provide a focused security assessment that ensures we provide them with a clear business-focused answer.

Moving away from the technology-centric approach allows us to offer our clients a more flexible testing experience. We can mix and match between our service lines to simulate real-world attacks hackers subject your organisation to, this enables us to provide you with suitable mitigation strategies on how to prevent such attacks from happening.

Each of our assessments produces a detailed report which contains the following information based on our findings:

• Executive & technical summaries
• An overall business impact assessment
• Findings prioritised by risk
• Technical findings with detailed remediation guidance

Next time you are looking to undertake a security testing project, remember, it starts with a question, ask us and we will help get you the correct answers.