“Ambersail has provided high quality penetration testing services to Exact Mortgages for some time. Testing is comprehensive and reporting is excellent. The Ambersail team are all extremely helpful and available whenever we need them – even for the simplest of advice. We continue to find Ambersail’s services very useful.”
Head Of IT, Exact Mortgages
Should I Perform GDPR Penetration Testing?
This is a very good question.
To answer it, let us go straight to the GDPR. The regulation introduces a ‘Security Principle’ in Article 5(1)(f) which states that personal data is:
“Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Before the GDPR was introduced, we relied solely on the Data Protection Act 1998 for protection. However, the GDPR goes further as it highlights what security measures you need to put in place. Also, what was ‘best practice’ in the old 1998 Act is now a legal requirement in the GDPR.
Even so, as you work your way through the GDPR, it is often not clear exactly what you should do.
Questions arise such as: which security tasks do I actually need to perform? Which assets should I protect? How do I demonstrate that I am doing the right thing?
Keep Your Eye On The Basics.
Remember that the GDPR expects you to protect all personal data. Unfortunately, it does not have a detailed set of requirements to guide you. However, security frameworks such as ISO27001, PCI DSS and Cyber Essentials can prove very helpful.
If you are not familiar with these standards, take a quick look. Each follows a similar approach to reduce risks when handling important information. They are also recognised by the official GDPR bodies such as the ICO (Information Commissioner’s Office) in the UK.
These standards consist of useful processes and procedures to help your security efforts. All include penetration testing to confirm how secure your controls are.
By following these frameworks, you are not only adhering to a recognised set of security principles, you are actively securing the personal data you need to protect.
Easy To Get Started
Our test team can guide you on how to get the best value from GDPR penetration testing.
- We provide straightforward testing packages aimed at getting you secure and satisfying the GDPR.
- We will work with you to deliver a service within your budget.
- Our CREST team has been testing clients from all over the world for over a decade.
- We are easy to talk to. We cut through tech-speak to help you understand what we have found and how to apply fixes.
- Our team delivers findings in easy-to-understand reports.
Contact us to get started.
GDPR Penetration Testing To Protect Personal Data.
Always look to protect the personal data that you hold. The network that stores or processes this data forms the target for penetration testing.
You need to test how easy it is to access that network and the personal data held or processed there.
The tester should confirm that all routes into the network are secure and only allow the right people access. These routes include external (Internet facing) networks and any unrelated internal company networks.
One of the main aims of the GDPR is to make sure that personal data is secure and that access is limited to only the people who need it.