Intelligent CISO Issue 53 | Page 13

CREST releases guidance on penetration testing
C body representing the global cybersecurity industry , has announced the release of its CREST Defensible Penetration Test , a specification that provides recommendations on how penetration tests should be scoped , delivered and signed off .
Okta for Good launches new grant portfolio to improve cybersecurity for non-profits
O announced the launch of a Non-profit Cybersecurity
news

CREST releases guidance on penetration testing

REST , the international not-for-profit , membership

C body representing the global cybersecurity industry , has announced the release of its CREST Defensible Penetration Test , a specification that provides recommendations on how penetration tests should be scoped , delivered and signed off .

With significant growth in the numbers of penetration tests being carried out around the world , the need to define best practice has become increasingly important . CREST has worked alongside industry recognised and peer-selected experts to define a minimum set of expectations associated with a penetration test .
The guidance focuses on defining a CREST Defensible Penetration Test and is designed to help service providers and their clients to work more effectively together to conduct penetration tests .
“ A CREST Defensible Penetration Test provides flexibility built around a minimum set of expectations that will drive better outcomes for buyers across the globe ,” said Rowland Johnson , CREST President . “ It provides the industry with a much needed commercially defensible assurance activity that is appropriately scoped , executed and signed off .”
Across the globe it is widely acknowledged that the definitions , practices and expectations associated with a penetration test are inconsistent and fluid . This makes it difficult to define or parameterise a series of activities that looks at all possible requirements , engagements or scenarios . For example , a penetration test may need to assess a mobile phone at one end of the spectrum or an aircraft carrier at the other .

Okta for Good launches new grant portfolio to improve cybersecurity for non-profits

kta , a leading independent identity provider , has

O announced the launch of a Non-profit Cybersecurity

Portfolio and US $ 1,020,000 in grants to support better security across the social sector .
Stemming from Okta ’ s three-year commitment to invest US $ 10 million out of the Okta for Good Fund , a donor-advised fund held at Tides Foundation , this grant comes at a time when nonprofits are facing increased cyberattacks , putting millions of already vulnerable people at even greater risk .
More than 50 % of non-profits report being targeted by cyberattacks , yet most do not have the resources to maintain adequate cybersecurity plans . Non-profits are integral in doing society ’ s most important work in coming together for common good . Their data and the people they serve must be protected .
Okta ’ s Non-profit Cybersecurity Portfolio , which is part of Okta ’ s Non-profit Technology Initiative , is the company ’ s first step in supporting better security for non-profits through six grants that provide resourcing for projects ranging from training to incident response support .
The funds will be distributed between six different organisations and projects , selected in partnership with external non-profit security experts and Okta Security leadership including David Bradbury , CSO , Okta , and Jameeka Green Aaron , CISO , Auth0 , a product unit of Okta .
The grantees selected are :
• CyberPeace Institute
• NetHope
• Norwegian Refugee Council
• Simply Secure
• TechSoup Civil Society Strengthening Fund :
• UC Berkeley Center for Long-term Cybersecurity ( CLTC ) u www . intelligentciso . com
13