CBEST 2.0 Security Assessment Framework
Brief
The CBEST 2.0 Security Assessment Framework is designed to assist organizations as they assess and improve their cybersecurity readiness
CBEST is now widely considered as a world-leading framework for intelligence-led penetration testing of systemically critical organisations. Since the tests are designed to simulate actual attacks, a key component of CBEST testing is effective detection of attacks and accurate reporting of how the attack unfolded. CBEST tests are conducted by CREST accredited penetration testing providers. The tests mimic real behaviours of threat actors as assessed by both UK government and commercial threat intelligence providers. CBEST testing outcomes do not result in a straightforward pass or fail scenario – supervised remediation timeframes can be expected to take between six to twelve months, or longer in some cases, depending on the nature of the remediation plan.
