CLIENTS AND CASE STUDIES
Clients
Due to the nature of our business we do not publicly provide details of the organisations to whom we provide security services (References from Local Authorities and private scetor companies can be provided on request).
Example Case Studies
Case Study 1
The Scenario
The company had set itself the objective of growing their business share from large corporates. Although they found these organisations receptive to the company’s offerings they hit an unexpected stumbling block when they discovered the need to demonstrate that their IT systems were secure.
Many organisations are now demanding proof that suppliers’ IT systems are properly secured against unauthorised intrusion as weaknesses in one part of the chain can introduce risk elsewhere. Such proof typically requires evidence of independent assessment by a qualified specialist organisation together with visibility that any remedial work identified has then been properly implemented. Evidence of an ongoing contractual arrangement for regular checks to ensure ongoing protection is also often necessary.
This proved to be the case here.
What Next
Because this was the first time the organisation had come across this requirement they did not have previous knowledge of how to gain assistance.
Becoming aware of this need also alerted management to a range of related IT Security issues and risks they had not previously appreciated.
They decided to obtain competitive quotations and invited a number of information security specialist organisations to submit their recommendations for how they would address this need. The outcome was that Meritec was selected based on value for money, confidence and our understanding of the requirement.
Why Meritec was chosen
There were clear criteria which the organisation knew they would use to assess and compare proposals.
Meritec came out very strongly against those and additionally offered the combined advantages of being locally based, having a long and successful trading history with strong references and a culture of “partnership” working which builds meaningful relationships and trust.
The quotation from Meritec also proved very competitive and the delivery content comprehensive.
Case Study 2
The Scenario
The organisation had suffered an attack on their IT systems nine months previously following which they were assured by their IT suppliers that the vulnerabilities had been closed down. To their surprise they then suffered a further attack, about seven months later this time more damaging. They asked Meritec to undertake a vulnerability assessment and this revealed an alarming number of remaining risks were still present.
What Next
Meritec provided the organisation with a comprehensive report detailing the vulnerabilities identified together with recommended countermeasures to close down those risks.
Following completion of the remedial work arising from those recommendations Meritec will retest the systems.
Why Meritec was chosen
Meritec provided the necessary confidence being a proven, reputable, trustworthy and capable partner particularly well equipped to help with the sensitive nature of work required. All work was specified and priced in advance and only undertaken once the client had authorised it.
Because Meritec is locally based and confidence could be quickly built in our consultants their involvement in the project was made much easier and the outcome has been highly successful.
The client now enjoys improved security and protection against an attack on their IT systems.
Case Study 3 - Public Sector Organisation
The Scenario
The organisation had been through a period of significant change, including bringing their website development and hosting in-house. The IT Manager therefore identified a need for Penetration Testing.
From the start the IT Manager involved his IT team fully in all discussions ensuring a positive approach and identification of specific areas of focus for the testing.
What Next
Meritec successfully completed external and internal testing, including a number of remote locations. A number of security issues were identified and included with recommendations in a comprehensive report.
The follow up meeting to review the report included members of the IT Team as well as the manager, ensuring an exceptionally positive approach to both the testing and follow up actions. It also meant that the team gained maximum benefit from the skills transfer opportunity.
The success for all parties involved was reflected in the subsequent decision to engage Meritec on an annual contract basis to provide on-going security advice and to carry out bi-annual testing.
Why Meritec was chosen
The council was a long standing client for other Meritec Technical Support and their decision was based on the confidence they had in our technical ability and integrity and knowledge that we were well equipped to carry out the work with the sensitivity required.
In the post assignment feedback questionnaire the IT Manager stated:-
‘We were very happy with the penetration testing exercise which went smoothly. We had no hesitation in incorporating this into an annual agreement, and look forward to improving the security of our network in partnership with Meritec’.
Controlled Lab Test – Information Security
The Scenario
The objective was to expose an IT system to the live internet to detect if it became subject to an attack and if so the nature and how long it was before this happened.
Three computers were linked together: One running a popular operating system but with no protection, the second was a firewall properly configured and implemented specifically to suit this requirement and the third a database server used to log activity on the other two systems.
The Findings
After seven minutes a worm (a type of virus that spreads itself from computer to computer over the internet) had infected the unprotected computer.
Fifteen minutes later a different worm infected it.
The Message
Millions of systems are infected by computer viruses each year.
The number of viruses and the incidents of attack are growing constantly. This example illustrates how pervasive this has become and how quickly unprotected or inadequately protected systems become victims.
Standard “off the shelf” protection products do not necessary provide the defences assumed. Protection must be suitable for the job at hand, properly configured and kept up to date.
But more worryingly still is that viruses have actually been overtaken by other forms of attack which have proved even easier to perpetrate and far more damaging.
Don’t be the next business to suffer the damaging effects of an IT attack.
Ensure your sensitive information and systems are secure by arranging for Meritec to undertake an independent IT security assessment for you.