Guernsey Association of Compliance Officers

Governance, Risk and Compliance in the Bailiwick of Guernsey

Event 6 September 2023

GFSC Cyber security rules - penetration test preparation

Presentation by Carl Ceillam – The Chain Limited

For many years organisations have used penetration testing, sometimes referred to as 'ethical hacking', as a highly effective means of assessing their resilience to cyber-attack. More recently the GFSC Cyber Security Rules explicitly reference penetration testing, and not surprisingly more organisations are looking to commission penetration tests.
However, with many businesses outsourcing their IT, it can be difficult for the responsible officer to know where to begin when organising a test.
In an effort to inform and advise, Carl Ceillam of local cyber security firm The Chain will provide an educational presentation on the subject. Topics will include:
• what is a penetration test
• different types of penetration test
• scoping a test that matches your risk profile
• cost-effective approaches to regular testing
• how reporting works, and more.

Date - 6 September 2023

Venue – Harry Bound Room, Les Cotils

Start time - 12:10, finishing no later than 13:30

The presentation is free of charge and lunch will be provided

Book via the events page by close of business Friday 1st September 2023

Attendees are currently restricted to 4 per member firm

Carl is an information security expert, and runs his own cyber security and forensic investigation business, The Chain Limited, based in Guernsey.
He has worked exclusively in the information security field since 2001, initially working as a security consultant at a Big Four professional services firm, before founding The Chain in 2010. His primary disciplines are penetration testing, security auditing, and digital forensics.
As a penetration tester, he has performed assessments for some of the world’s largest organisations. His penetration testing skills are broad, covering all forms of technical penetration testing, web application penetration testing, and physical testing.
In forensics he has led a diverse range of corporate, civil, and criminal investigations. His cases have covered contractual disputes, data theft, fraud, money-laundering, employee misconduct and security breaches.
His IT audit skills cover technical audits against best practice, as well as more general controls-based audits. In recent years the majority of security reviews have been performed against ISO/IEC 27001, as well as PCI DSS compliance reporting.
He has served an extensive range of household-name companies and government organisations. His client sector experience includes financial services, legal, local government, utilities, retail, e-commerce, manufacturing and entertainment.
