At the core of our assessment lies the Business Impact Analysis that can be part of your Business Continuity Plan, to safeguard the continuation of operations, in case your infrastructure is affected. Potential losses are identified during the Risk Assessment, to develop defences dictated in the security plan. At the end, we come up with enough information to develop recovery strategies to also form the emergency response plan.
An audit process is the first step of any cyber security approach. Organizations have valuable IT assets (computers, servers, networks and data) that must be secured from external threats. Our operatives need to be informed about these assets, their role and importance. Our audit consists of a checklist, required to measure different levels of risk for different assets.
Audit of information security architecture and implementation of information security policy covers the following areas:
- Information security organization structure
- Roles and responsibilities
- Data classification policy
- Application security policy
- Password security policy
- Data center security and monitoring
- Virus control policy
- Backup policy
- Network policy
- Physical security policy
- Environment security policy
- Incident management policy
- Business continuity and disaster recovery plan
- Internet usage policy
Vulnerability Assessment aims to scan, investigate, analyze and report the risk level of any security vulnerability discovered on public (internet-connected) devices and provide your organization with appropriate mitigation strategies to address those vulnerabilities. The Risk Based Security Vulnerability Assessement method has been designed to specifically identify, classify and analyze known vulnerabilities in a comprehensive report which can calculate the risk of discovered vulnerabilities.
Vulnerability analysis consists of several steps:
- Defining and classifying network or system resources
- Assigning relative levels of importance to the resources
- Identifying potential threats to each resource
- Developing a strategy to deal with the most serious potential problems first
- Defining and implementing ways to minimize the consequences if an attack occurs.
Penetration testing is a vital process for securing any IT infrastructure. In contrast to vulnerability assessment, it doesn’t stop at uncovering vulnerabilities. It goes one step further, at exploiting vulnerabilities in a secure environment, in order to prove real-world attack vectors against an organization’s IT assets, data and humans. Successful completion of a penetration test depends on the team who conducts it.
Our team is highly experienced in this field, with numerous certifications. The highest value of conducting a penetration test is determining the actual feasibility of particular sets of attack vectors as well as identification of additional vulnerabilities that may be undetectable by other procedures. We also provide different penetration testing techniques including but not limited to black box penetration testing.
Our method is unique as penetration testing is conducted by our information security experts hands-on, using manual procedures rather than relying solely in automated applications.
A Security Plan establishes the guidelines for IT practices on a day-to-day basis, providing for a secure and robust environment, to protect your mission, operation and reputation. It supplements your System Security Policies, Standards, and Procedures.
Network Security Plan
This plan is designed to help establishing a secure network configuration, which consists of various parameters including security layering, traffic encryption, networks isolation, equipment upgrades and adoption of newer, secure network protocols. It is one of the most critical steps of the security plan.
Secure Server Configuration
The heart of an organization’s infrastructure lies in its servers. Our team can secure servers of any platform (Windows Server, Linux, Mac OS) including web servers (which are proved to be very prone to vulnerabilities). In addition, servers carrying internal business applications which are usually outdated pose a significant risk.
Securing technical parameters is never enough. Aspida’s Cyber Security division can suggest and assist in deploying ISO-compliant security policies. Such policies should regulate access control, password strength and expiry, information security management system, encryption, data destruction, confidentiality and more.
Securing and Encrypting Data
Imagine your sensitive information being totally safe and confidential even if someone raids your office and steals the disks storing it. Data encryption is now more important than ever and our team can guide you in adopting a realistic encryption plan using latest sophisticated algorithms available. In addition, one should keep in mind that deleted data is not actually deleted unless a secure data destruction procedure is followed.
Security Plan Implementation
Creating a security plan is far from enough. It’s all about implementation. Our team can offer guidance and assistance for actually applying your security plan, predicting and minimizing any consequences of the transition process.
Even if a system or network is adequately secured, it is likely that a security breach will happen. There are several reasons for this, with the most prevalent being human weakness and ignorance. Therefore it is widely accepted that part of a multi-layered cyber defence model, is incident response. After identifying a security breach, specific procedures must follow in order to address the breach and try to backtrack it.
Contain the incident immediately to prevent possible collateral damage. This may mean revoking user accounts, blocking access at the firewall or updating antivirus rules to catch the malicious code. This requires proper identification of the incident and adequate preparation with appropriate tools and procedures already in place.
Eradication & Recovery
Get rid of the malicious code, unauthorized account, or bad employee that caused the incident. Make sure the system meets company standards or baselines, before returning it to service. Systems monitoring has to be continued for any aberrant behavior to be certain that an incident is fully resolved. Furthermore, our team can assist with recovering data lost or deleted during the incident.
Our team can assist you in data & network forensics, in an attempt to locate the attack’s origins and motives. The success of this process depends on preexisting data and log collection. With the adoption of a SIEM system this process can be even more effective and conducted remotely and automatically.
A cyber security incident can cause a major impact on an enterprise’s reputation. Aspida has a strong background on crisis management and can offer consultancy on how to contain such a crisis successfully.