Is it time your organisation tested the effectiveness of its information security?
Regular appraisal of your IT environment is essential in order to obtain assurance that appropriate controls are in place to protect essential systems and data.
What is an IT Health Check?
Conducted by a specialist provider, an IT Health Check (ITHC) is an independent assessment of an organisation’s cyber security.
The purpose of an ITHC, as defined by the UK Cabinet Office, is to provide assurance that external systems are protected from compromise, and that vulnerabilities across internal infrastructure and applications are identified and addressed.
An ITHC therefore encompasses external testing of email and web servers, firewalls and antivirus, VPNs and other remote access solutions, as well as internal testing of the build and configuration of networks, servers, endpoints and applications.
Why you need an ITHC
Performing regular IT Health Checks is a requirement of the Code of Connection (CoCo), a set of conditions that all public sector organisations must meet in order to access the Public Services Network (PSN), a UK government system for information and resource sharing. Typically ITHCs should be conducted annually, unless otherwise specified by the PSN team.
As well as helping to ensure that any security mechanisms in place are ‘ongoing and effective’, the CoCo also highlights the importance of effective risk remediation:
“It is important that issues identified in the ITHC (including systemic issues) are addressed. Critical and High risks should either be resolved immediately or else a viable plan for resolution must be agreed with the PSN team. Medium and Low risks may be accepted or subject to remedial action plans.” PSN Code of Connection
In an age of increasing workplace digitisation, with a rise in BYOD and remote working, the CoCo plays a crucial role in helping to establish a baseline level of security across the PSN, ensuring that confidential data shared between public sector organisations is protected.
Failure to comply with the security controls outlined in the CoCo could lead to refusal or disconnection from the PSN network, hampering organisations’ ability to operate and collaborate.
The benefits of regular assessments
Understanding if your business is ready to defend against the latest cyber threats is pivotal to a successful cyber security strategy. ITHCs, as well as similar assessments such as penetration tests, help reduce cyber security risk by:
• Improving cyber awareness
• Identifying wide-ranging vulnerabilities
• Validating the effectiveness of existing security controls
• Improving preparation for genuine cyber-attacks
• Helping to channel future security investments
Choosing the right assessment provider
Organisations looking to receive an ITHC should seek out a provider with the necessary skills and experience to conduct a broad security assessment.
Redscan is an award-winning provider of security assessment services. Our range of CREST-approved engagements include IT Health Checks, Vulnerability Assessments, Penetration Tests (including web app, mobile app, configuration review and network tests) and Red Team Operations.
By possessing a deep understanding of offensive security and providing detailed remediation guidance, our experts can help your organisation to rapidly identify risks and implement the necessary controls to achieve compliance with CoCo and other regulations and standards including the GDPR, PCI-DSS and ISO 27001.