Guernsey Association of Compliance Officers
Governance, Risk and Compliance in the Bailiwick of Guernsey
Event 6 September 2023
GFSC Cyber Security Rules - penetration test preparation
Presentation by Carl Ceillam – The Chain Limited
For many years organisations have used penetration testing, sometimes referred to as 'ethical hacking', as a highly effective means of assessing their resilience to cyber-attack. More recently the GFSC Cyber Security Rules explicitly reference penetration testing, and not surprisingly more organisations are looking to commission penetration tests.
However, with many businesses outsourcing their IT, it can be difficult for the responsible officer to know where to begin when organising a test.
In an effort to inform and advise, Carl Ceillam of local cyber security firm The Chain will provide an educational presentation on the subject. Topics will include:
• what is a penetration test
• different types of penetration test
• scoping a test that matches your risk profile
• cost-effective approaches to regular testing
• how reporting works, and more.
Date - 6 September 2023
Venue – Harry Bound Room, Les Cotils
Start time - 12:10, finishing no later than 13:30
The presentation is free of charge and lunch will be provided
Book via the events page by close of business Friday 1st September 2023
Attendees are currently restricted to 4 per member firm
Carl is an information security expert, and runs his own cyber security and forensic investigation business, The Chain Limited, based in Guernsey.
He has worked exclusively in the information security field since 2001, initially working as a security consultant at a Big Four professional services firm, before founding The Chain in 2010. His primary disciplines are penetration testing, security auditing, and digital forensics.
As a penetration tester, he has performed assessments for some of the world’s largest organisations. His penetration testing skills are broad, covering all forms of technical penetration testing, web application penetration testing, and physical testing.
In forensics he has led a diverse range of corporate, civil, and criminal investigations. His cases have covered contractual disputes, data theft, fraud, money-laundering, employee misconduct and security breaches.
His IT audit skills cover technical audits against best practice, as well as more general controls-based audits. In recent years the majority of security reviews have been performed against ISO/IEC 27001, as well as PCI DSS compliance reporting.
He has served an extensive range of household-name companies and government organisations. His client sector experience includes financial services, legal, local government, utilities, retail, e-commerce, manufacturing and entertainment.