Category: JDSSecurity

What It Means To Be CREST (Intl) Accredited

Anyone with a computer and an Internet connection can set themselves up as a penetration testing or cyber incident response service provider. These could include irresponsible organisations that do not have in place policies, processes and procedures to ensure quality of service and protection of client-based information. The individuals employed by these companies may have no demonstrable skill, knowledge or competence in the provision of security testing.

CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST requires a rigorous assessment of business processes, data security and security testing framework to demonstrate a level of assurance that the information security methodologies used can competently and securely provide customers with a robust assessment of their cyber security posture.

As a result, CREST only provides accreditation to highly trusted professional services organisations, and their employees who provide the often sensitive and high-risk penetration testing, cyber incident response, threat intelligence and security operations centre services.

All CREST accredited member companies are required to submit policies, processes and procedures relating to their service provision to provide added assurance for the buying community.  These policies, processes and procedures include:

  • References for certified individuals
  • Assignment preparation and scope processes
  • Assignment execution processes
  • Technical methodology
  • Reporting templates
  • Data storage and Information Sharing policies
  • Post technical delivery methodologies
  • Asset/Information/Document storage, retention and destruction processes

The buying community needs to be in a position where it can procure services from a trusted company with access to demonstrably professional technical security staff.  CREST provides the buying community with a clear indication of the quality of the organisation and the technical capability of staff they employ.

JDS is a proud CREST (Intl) accredited member company that can confidently provide our customers with the added reassurance that our services meet the highest professional and security standards.

Five Reasons Why Your Organisation Should Be Penetration Testing

Modern businesses require an advanced approach to security and due diligence.  Having anti-virus software and a firewall is no longer an efficient strategy to prevent highly sophisticated security attacks which can result in irreversible damage to your organisation.

A professional penetration testing service is the best way to identify the strengths, weaknesses and holes in your defences.  Read on to uncover the five best reasons why your organisation needs penetration testing.

1. Protect Your Organisation From Cyber Attacks

Reports of cybercrime within Australia have increased nearly 15% each year since 2019, with the average reported financial loss per successful cybercrime incident being $50,673. Regardless of your organisational size or sector, cyber criminals view every business as a potentially exploitable prospect. The internet is continuously being scanned in search of vulnerable systems. Carrying out penetration tests will enable you to identify vulnerabilities that are most likely to be exploited, determine what the potential impact could be, and enable you to implement measures to mitigate or eliminate the threat.

2. Identify and Prioritise Vulnerabilities

Put simply, a pen test will uncover all of the potential threats and vulnerabilities that could damage your organisation’s IT assets.  The resulting report prioritises these vulnerabilities from low to critical, and further categorises them by likelihood and impact.  This gives your team a clear picture of your security posture, and the opportunity to mitigate the greatest threats first before moving on to less risky ones.

3. Stay Compliant With Security Standards and Regulations

Regular penetration testing can help you to comply with security standards and regulations such as ISO 27001 and PCI.  These standards require company managers and system owners to conduct regular penetration tests and security audits to demonstrate ongoing due diligence and maintenance of required security controls. Not only does pen testing identify potential vulnerabilities, ensuring that you are protecting your customers and assets, but it also helps to avoid costly fines and fees connected with non-compliance. 

4. Reduce Financial Losses and Downtime

Recent studies have reported that the average financial impact of a major data breach in Australia is around $3.7 million per incident. This takes into account expenditures on customer data protection programs, regulatory fines, and loss of revenue due to business operability. System downtime is incredibly costly – the longer your system is down, the more exorbitant the cost. A penetration test is a proactive solution to highlight and fix your system’s most critical vulnerabilities, and ensure your team are ready to act if your systems were to go down unexpectedly.

5. Protect Your Reputation and Company Loyalty

Consumers are extremely quick to lose trust in companies and brands, and all it takes is one security breach or data leak to tarnish your reputation.  Customers and partners of your organisation want to know that their private data is safe in your hands, so it is in your best interest to be aware of any vulnerabilities which may put the company’s reputation and reliability in jeopardy.  

This is just a handful of reasons why organisations should carry out regular penetration tests, but there are many more.  Connect with JDS to discuss your pen testing needs and get a full scope of work customised to your requirements.

JDS and the GO Foundation

The GO Foundation is an inspiring organisation empowering young Indigenous Australians by providing scholarships from primary school through to university.

Co-founded by Adam Goodes and Michael O’Loughlin in 2009, the foundation offers mentoring, leadership, networks and support to GO students on their journey to employment.

JDS is immensely proud to have committed to donating $30k to the GO Foundation over the next three years.

It is an organisation that really resonates, as we recognise the vital importance of ensuring that all Australians have equal opportunity to participate socially, culturally and economically.

Extensive research has revealed that the completion of further education by Indigenous Australians can lead to increased earning capacity, greater employment opportunities, improved health and wellbeing outcomes, and reduced interaction with the justice system. The benefits that can come from Indigenous Australians going further beyond high school with their education can stretch beyond improving and enriching the lives of Indigenous communities – they can benefit everyone.

Positive enabling factors that are likely to increase Indigenous participation in further education include enhancing the quality of school experience for Indigenous students to ensure that culture is recognised, and the aspirations of each student are developed. Additionally, providing access to career advice and guidance, and information on the various choices and pathways available for Indigenous students is linked to increasing the quality of the school experience for Indigenous Australians.

The GO Foundation’s scholarship program provides financial assistance, tools and resources for Indigenous students to ensure their journey through school is rich and rewarding, and a broad range of career options, work experience and paid internships ensures the assistance continues well after the scholarship has ended.    

We hope that by dedicating our long-term support, we are contributing to generational change and opportunities for many students for many years to come.

JDS Security

We take a methodical, risk-based approach to security testing, monitoring, and management so you can rest assured that your data and business assets are secure. JDS uses proactive, detailed and industry best-practice threat intelligence to increase your organisation’s resilience against cyber threats.


Web Application Penetration Testing

Web application penetration testing at JDS is based on the industry-recognised Open Web Application Security Project (OWASP) Application Security Verification Standard. We take a methodical, risk-based approach to testing your applications, evaluating the security posture of your platform, enabling you to identify, eliminate and further prevent security risks within your critical business applications.



API Penetration Testing

According to Gartner, in 2022, exploiting APIs will be the most common attack vector for data breaches within enterprise web applications. Our skilled JDS Security team will assess how your APIs could be abused, how authorisation and authentication could be bypassed, and perform a number of tests in an attempt to reveal any existing security vulnerabilities.



Security Monitoring

As a Splunk Elite Partner, JDS leverages our expertise to implement SIEM software Splunk Enterprise Security (Splunk ES) to monitor your organisation’s activities and meet your security audit and compliance requirements.

Network Penetration Testing

JDS can perform an in-depth security assessment of your corporate network perimeter (both internal & external) using automated tools and manual techniques. Our security professionals will emulate the methods that a malicious actor might use to attack your network, exploiting weaknesses in operating systems or networks, to gain access to your organisation’s secure data and “crown jewels”.




Cloud Security Compliance Audits

As more organisations migrate their sensitive information and services to cloud environments, it is critical to consider the impact on privacy, security and compliance efforts. The JDS Cloud Security Compliance Audit will provide essential insight into your cloud security for full regulatory compliance.



Vulnerability Management

JDS can assist with organising tedious and complex vulnerability findings to provide effective prioritisation and remediations for complete visibility of your network and infrastructure.


CREST (Intl) ACCREDITATION

CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security market.
After being independently assessed to demonstrate proficiency and compliance in the knowledge and delivery of Penetration Testing, JDS Australia has been recognised with CREST (International) accreditation.
CREST requires a rigorous assessment of business processes, data security, and security testing framework to demonstrate a level of assurance that the information security methodologies used can competently and securely provide customers with a robust assessment of their cyber security posture. As a result, CREST only provides accreditation to highly trusted professional services organisations, and their employees who provide the often sensitive and high-risk penetration testing, cyber incident response, threat intelligence and security operations centre services.
Becoming a CREST accredited member company validates the level of confidence that customers will experience when working with JDS, a highly skilled and trustworthy Australian organisation.