Strategic Infrastructure Security (SIS)

Have you recently felt the need to assess your infrastructure's exposure to malicious and unauthorized users?

When considering security, we cannot consider only specific applications and services; we must consider the wider digital and physical enterprise. The components that make up an organization are vast and sprawling, change frequently, and contribute to the overall attack surface. Scrutinizing and testing the security of all facets of the organization in a relevant and methodical way helps provide assurance of a strong overall security posture. Our SIS Practice provides detailed, expertly executed services that meet this need.

Every member of the SIS practice is invested in the realization of a more secure future. In a market saturated with highly skilled technical teams, NCC Group’s Infrastructure Security experts will distinguish themselves through their honesty, efficiency of product, commitment to partnership, and passion for solving your security challenges.

Honesty:  We will always deal transparently, fairly and with empathy for the unique concerns your business faces.

Efficiency:  We will only provide you what you need and will ensure you get the optimum value from each engagement.

Commitment:  Our goal is to build a long-lasting partnership, working with your team towards the continual improvement and security of your organization.

Passion:  Our team consists of people who genuinely love security, bringing their enthusiasm to every project.


The SIS Services include:

Penetration Testing

Assesses the security of a specific environment or entire organization from the point of view of an attacker. This testing ranges from collaborative assessment of a single environment or scenario to ‘black box’ testing of an entire network or enterprise, often with internal security teams actively attempting to defend against the test. If an organization wishes to experience an attack simulation that closely models the techniques of real-world adversaries, or wishes to determine its protection against a specific scenario, Penetration Testing provides this through the following approaches:

  • External Attack
  • Internal Attack
  • Physical Intrusion
  • Social Engineering
  • Red Team Breach
  • Wireless Attack

Vulnerability Assessments

Provides security coverage via enumeration and investigation, with a collaborative or ‘white box’ approach. This involves open communication between the operational team and security testers during the engagement. When an organization wishes to gain an understanding of assets and vulnerabilities across the broadest reach of their company, different technologies and targets are assessed in different ways. All efforts move the client towards a greater overall security posture. This can include the following approaches:

  • Asset Discovery & Inventory Development
  • External Perimeter
  • Internal Enterprise
  • Physical Protections
  • Enterprise Telephony
  • Network Architecture Review
  • Database Assessment
  • Wireless Assessment
  • Low Touch Web Application Assessment
  • Security Capability Assessment

Security Assessments of Specialist Systems

Custom engagements are created to determine security weaknesses in a specific operating or technology environment. Specialist systems should be thought of as ‘special use’ systems or environments that service a very direct purpose. When operationally specific environments are in use we are frequently asked to develop specialist security assessment techniques for those environments or for new and emerging technology. The following specialist systems are common requests from our clients:

  • Electronic Point of Sale (POS)
  • Industrial Control Systems (SCADA / ICS)
  • Building Management Systems (BMS)
  • Automated Teller Machines (ATM)
  • Embedded Devices and Systems

Security Training & Awareness

Training engagements provide instructor-led discussion and education for your team members. NCC Group has a proven track record for delivering technical security training to a high standard. We empower our clients by increasing the knowledge within their organization, developing internal practices and elevating key internal teams to a higher level of understanding for complex security subjects or incidents. Examples of training & awareness engagements include:

  • End user security training
  • Security training for specific job roles (HR, IT, Executives etc.)
  • Security training for security staff
  • Red Team / Blue Team workshops & events
  • Industry and community training events
  • State-of-the-Nation / Threat Intelligence Briefings