Vulnerability Assessment
Vulnerabilities are the weaknesses or holes that allow threats to be realized. In other words, systems are compromised through weaknesses in their security. A Vulnerability Assessment is a valuable first step in discovering the vulnerabilities in your network devices, servers and applications. It is a cheap way to quickly get a clear understanding of how vulnerable your systems are to attack.
Penetration Testing
Penetration Testing provides the most thorough test of security defenses. Security professionals will scrutinize all hosts in scope for any weakness or piece of information that could be used by an attacker to compromise a system and disrupt data confidentiality, integrity and availability. They will go the extra mile and actually exploit identified vulnerabilities in order to assess the true impact of a potential attack.
Incident Handling
An IT security incident is an adverse event in a computer system or network caused by the failure of a security mechanism or an attempted or threatened breach of these mechanisms. Organizations must react to potential information security breaches quickly and in an orderly manner.
Efficient incident handling procedures and investigative techniques are necessary to determine if a breach has occurred, to identify the vulnerability exploited, to constrain the breach, to identify the source of the attack and to gather critical evidence that can be used in legal proceedings. Incident-handling capability should be available 24 hours per day, 7 days a week.
Web Application Security Assessment
Web applications are complex pieces of software that contain numerous vulnerabilities and provide a logical tunnel from the Internet to the back-end databases. A Web Application Security Assessment helps organizations identify weaknesses that may allow attackers to compromise the security of their web application and ultimately their network.
In recent years, web applications have grown dramatically in popularity, with organizations converting legacy mainframe and database systems into dynamic web applications. These applications allow customers and users to directly access personal and confidential information, encouraging a self-driven model which in turn leads to a decrease in business costs.
Internal Security Assessment
When protecting the confidentiality, integrity and availability of organizational information, it is important to realize that a potential attack can come from inside the network as well as from outside. An Internal Security Assessment focuses on the strength of servers, the controls provided by firewalls and the potential vulnerabilities on the internal network.
IT General Controls Review
For some organizations, information and the technology that supports it may be considered their most valuable assets. Safeguarding these assets while supporting the organization’s business objectives represents a very complex and critical undertaking.
IT Security Policy Development
Written information security policy documents are a formal declaration of management’s intent to protect information. They are documents that outline specific requirements or rules that must be met and lay down the foundation upon which all information security related activities are based.
Security Awareness Training
Information security technologies have greatly improved in the last decade. But what dangers did this change bring? Has the weakest link of the security chain also been strengthened? The reality is that whilst security software and hardware devices are becoming more “intelligent”, computer users are not educated on information security risks and are hence becoming targets of social engineering attacks.