CREST represents the technical information security industry by:
- offering a demonstrable level of assurance of processes and procedures of member organizations
- validating the competence of their technical security staff
- providing guidance, standards and opportunities to share and enhance knowledge
- providing technical security staff recognized professional qualifications and those entering or progressing in the industry with support with on-going professional development
CREST provides organizations wishing to buy penetration testing services, threat intelligence or incident response services with confidence that the work will be carried out by qualified individuals with up to date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers.
Almost all organizations in Malaysia will be accustomed to conduct security assessment against their servers, applications and network devices. The duty of this organization personnel would be to identify people delivering the services to be knowledgeable, capable and experienced. When an organization is looking for a security consulting company, below are the items to be clarified and verified before the project is awarded to that company;
- Have appropriate methodologies for delivering technical assurance services, cyber threat intelligence and incident response services
- Have appropriate data handling processes, including data transmission, retention and destruction
- Have appropriate background checks (including criminal and financial checks) taking place across its team
- Have appropriate insurance/indemnity to cover the services that are being delivered
- Have appropriate client escalation and complaints processes
- Is quality focused, and has a consistent approach for delivering services
More information about CREST can be obtained here.