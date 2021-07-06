F-Secure Receives STAR-FS Accreditation from CREST

July 2021 by Marc Jacob

F-Secure Consulting has been accredited by CREST, the international accreditation and certification body supporting the technical information security market, to provide intelligence-led penetration testing services for the financial sector as part of the STAR-FS framework.

The STAR-FS testing framework (Simulated Targeted Attack and Response for Financial Services) was developed to support organizations in enhancing their cyber resilience by assessing the effectiveness of financial firms’ cyber capability and risk profile.

With lighter involvement from regulators in comparison to CBEST (a similar framework for which F-Secure has been accredited since its inauguration in 2014), STAR-FS makes rigorous testing standards available to a wider array of financial institutions.

Like CBEST and its European counterpart TIBER from the European Central Bank, STAR-FS assessments leverage red teaming concepts to simulate the tactics, techniques and procedures threat actors have been observed using against financial organizations.

The STAR-FS process, which is currently undergoing tests and pilot assessments, uses commercially available threat intelligence services to define realistic, current threat scenarios that are used by penetration testers to replicate real-world attacks on critical operational systems. The process allows for consistent formal reports that provide evidence to regulators or supervisors of the evaluated firm’s level of cyber resilience. It also helps firms understand where improvements in their security can be made across the scope of their people, processes and technologies.

F-Secure Consulting is a multi-disciplinary global team that helps enterprises overcome the most complex security challenges and build resilience against the most advanced targeted attacks. Its offerings cover a wide variety of capabilities, including incident response, adversary simulation, and cloud assurance.