Cyberis has become one of the first cyber security companies to receive accreditation for the CREST STAR-FS framework to deliver intelligence-led penetration testing for the financial sector. The Simulated Target Attack and Response (STAR) scheme has been developed by CREST to meet the needs of Regulators to better understand the current cyber security posture of regulated financial services companies and identify where improvements in security arrangements need to be applied.
STAR-FS mimics the real-world activities of cyber threat actors focused on compromising an organisation’s business services. The methodology uses commercially available threat intelligence services to define realistic, current threat scenarios, which can then be used by penetration testing teams to replicate attacks on operational systems. The framework is currently being tested and is undergoing pilot assessments. It will formally launch following these.
The STAR-FS process is designed to capitalise on the high level of expertise available through CREST accredited service providers to provide appropriate evidence to the Regulator of the level of technical cyber resilience within target businesses. Any worldwide financial institution is able to adopt the new STAR-FS framework, which can be scoped appropriately to inform national Regulators.
“The STAR-FS scheme provides valuable support to financial services Regulators to understand and enhance the security posture of their markets,” said Gemma Moore, Director at Cyberis. “It also helps individual organisations to gain a better understanding of their threat landscape, attack surface and cyber resilience, and to pinpoint necessary security enhancements.”