F-Secure Receives STAR-FS Accreditation from CREST

F-Secure Consulting is accredited as a provider of intelligence-led penetration testing services for the financial sector as part of the CREST STAR-FS framework.

Helsinki, Finland – July 8, 2021: F-Secure Consulting, a research-led cyber security consultancy, has been accredited by CREST, the international accreditation and certification body supporting the technical information security market, to provide intelligence-led penetration testing services for the financial sector as part of the STAR-FS framework.

The STAR-FS testing framework (Simulated Targeted Attack and Response for Financial Services) was developed to support organizations in enhancing their cyber resilience by assessing the effectiveness of financial firms’ cyber capability and risk profile.

With lighter involvement from regulators in comparison to CBEST (a similar framework for which F-Secure has been accredited since its inauguration in 2014), STAR-FS makes rigorous testing standards available to a wider array of financial institutions.

Like CBEST and its European counterpart TIBER from the European Central Bank, STAR-FS assessments leverage red teaming concepts to simulate the tactics, techniques and procedures threat actors have been observed using against financial organizations.

“This accreditation once again underscores our commitment to helping financial firms across the globe, no matter their regulatory territory, to ensure their cyber resiliency in response to the global threat landscape,” says Dave Hartley, Global Technical Director at F-Secure Consulting. “STAR-FS accreditation complements our existing approved and accredited regulatory and supervisory testing service portfolio, such as CBEST, GBEST, TBEST, TIBER, iCAST, AASE, CORIE, STAR, and other tests. When combining these engagements with our full spectrum of rainbow teaming activities, organizations can continuously develop their cyber security capabilities and build resilience in response to the latest threats.”

The STAR-FS process, which is currently undergoing tests and pilot assessments, uses commercially available threat intelligence services to define realistic, current threat scenarios that are used by penetration testers to replicate real-world attacks on critical operational systems. The process allows for consistent formal reports that provide evidence to regulators or supervisors of the evaluated firm’s level of cyber resilience. It also helps firms understand where improvements in their security can be made across the scope of their people, processes and technologies.

F-Secure Consulting is a multi-disciplinary global team that helps enterprises overcome the most complex security challenges and build resilience against the most advanced targeted attacks. Its offerings cover a wide variety of capabilities, including incident response, adversary simulation, and cloud assurance.

About F-Secure

F-Secure makes every digital moment more secure, for everyone. We deliver brilliantly simple, frictionless security experiences that make life easier for the tens of millions of people we protect and our 170 service provider partners. For more than 30 years, we’ve led the cyber security industry, inspired by a pioneering spirit born out of a shared commitment to do better by working together.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.