Educational Penetration Test

A typical physical penetration test involves one or more people attempting to penetrate security, often using a variety of high tech, covert or plain destructive methods of entry. These are necessary but often a thoroughly negative experience for all involved. We’re seen as just picking fault. More to the point, the majority of threats to security are not high-tech, Mission Impossible types (although they might insist otherwise).

Styx Security differs in that we help find the holes in your security and then we create an impact. This usually involves getting caught and creates immediate teachable moments.

It can create a bit of a scene, but provides a victory for your employees and a story to share. The breach has happened and they can learn from it, but the surrounding story will spread. High profile recognition and reward for the person who compromised the operative can help shift the security culture of a business. It becomes a water cooler moment and news of a breach spreads, organically, along with news of the victory and the reward. This is positive reinforcement.

We can help bring your staff into your security solution and empower them to challenge the abnormal.

Aside from the human element, we may be able to combine a lot of your security audit and training obligations into one service.

Who can benefit from an Educational Penetration Test?

  • Businesses holding personal or sensitive information.
  • Companies who may be targeted by activists.
  • Financial institutions.
  • Schools with upcoming OFSTED inspections or concerns about a risk in the community.
  • CNI (hospitals, stadiums, other places within the remit of CPNI / CTSAs).
  • Hotels catering to clients who require security and discretion.
  • Companies who need to change their security culture.
  • Companies covered under the NIS framework.

Other uses:

You may require a penetration test as part of your insurance or licencing conditions.

Insurance premiums can be reduced.

In the event of a GDPR breach, showing you’re serious about information security can help turn a fine into a corrective measure.

Auditing the physical and human side of information security as part of the NIS (Network and Information Systems) framework.

Recruiting your staff to be part of your security infrastructure can greatly increase its efficacy.

Schools can use these tests to help avoid failing the physical security element of OFSTED’s safeguarding requirements and stay one step ahead of evolving requirements.

CNI such as stadiums can use it to help implement the “5Es” framework from CPNI and show to CTSAs that they are training and assessing their staff as per the NCTSO guidance on crowded places. You may find you can combine your audit and training requirements into one.

Phases of an Educational Penetration Test

We can tailor this service to your needs, but they will always follow the same general structure.

If you wish to discuss whether an educational penetration test can suit your needs, please contact us.