Nemko has, through its subsidiary System Sikkerhet, extensive competence and experience in evaluation and certification of information security. This competence has enabled an expansion into vulnerability assessment and penetration testing services from a new special laboratory now established at Arendal in Norway.
All product development includes the phases of design, production and testing. For connected IT products, the testing phase includes penetration testing, where the system is scanned for known vulnerabilities and also exposed to more sophisticated «attacks». The purpose of penetration testing is both to reduce the risk of a breach happening and to limit the damage if a breach actually happens.
The types of vulnerability assessment and penetration testing depend on both the product and its application. Examples are:
- Compliance testing of PCI (Payment Card Industry Data Security), typically for customers handling credit cards, where testing is a requirement of the credit card companies.
- Testing of programs running on a web server, for instance registration pages, to prevent abuse. Such pages are particularly exposed by being directly accessible on the Internet.
- Testing the security of networks and infrastructure, including testing of e.g. servers, networks and access control. The most common testing is "from the outside" and "from within", and is often carried out in connection with certification to the management system standard ISO/IEC 27001 for Information Security.
Both the number and severity of cyberattacks are increasing. Producers of IT equipment and systems, as well as end users, are discovering how vulnerable one may be to devastating attacks, ref. e.g. the case reports here and here.
For further information and/or request for services in this area, please contact Oyvind.Storhaug@nemko.com
* This blog is edited by Trond Sollie
Geir Hørthe is responsible for the Nemko cyber security initiative. He has worked at Nemko for more than 30 years, in the capacity of test services, lab manager of safety, ATEX and medical departments. He has also been Managing Director at the Nemko office in London for two years. After he returned to Norway, he held...