At the core of our assessment lies the Business Impact Analysis that can be part of your Business Continuity Plan, to safeguard the continuation of operations, in case your infrastructure is affected. Potential losses are identified during the Risk Assessment, to develop defences dictated in the security plan. At the end, we come up with enough information to develop recovery strategies to also form the emergency response plan.
Vulnerability Assessment aims to scan, investigate, analyze and report the risk level of any security vulnerability discovered on public (internet-connected) devices and provide your organization with appropriate mitigation strategies to address those vulnerabilities. The Risk Based Security Vulnerability Assessement method has been designed to specifically identify, classify and analyze known vulnerabilities in a comprehensive report which can calculate the risk of discovered vulnerabilities.
Vulnerability analysis consists of several steps:
- Defining and classifying network or system resources
- Assigning relative levels of importance to the resources
- Identifying potential threats to each resource
- Developing a strategy to deal with the most serious potential problems first
- Defining and implementing ways to minimize the consequences if an attack occurs.
A penetration test is conducted by simulating real world malicious attacks. the entire systems (network, web, wireless, human aspects) are analysed for potential cyber security weaknesses and exploitation points.
Each penetration test may vary significantly in scope, depending on customer needs, among the most popular ones are the following:
- Internal Penetration Test
- Web Penetration Test
- Wireless Penetration Test
- Social Engineering Test
Our engineers are certified with the CEH (Certified Ethical Hacker) certification by EC Council.
A Security Plan establishes the guidelines for IT practices on a day-to-day basis, providing for a secure and robust environment, to protect your mission, operation and reputation. It supplements your System Security Policies, Standards, and Procedures.
Network Security Plan
This plan is designed to help establishing a secure network configuration, which consists of various parameters including security layering, traffic encryption, networks isolation, equipment upgrades and adoption of newer, secure network protocols. It is one of the most critical steps of the security plan.
Secure Server Configuration
The heart of an organization’s infrastructure lies in its servers. Our team can secure servers of any platform (Windows Server, Linux, Mac OS) including web servers (which are proved to be very prone to vulnerabilities). In addition, servers carrying internal business applications which are usually outdated pose a significant risk.
Even if a system or network is adequately secured, it is likely that a security breach will happen. There are several reasons for this, with the most prevalent being human weakness and ignorance. Therefore it is widely accepted that part of a multi-layered cyber defence model, is incident response. After identifying a security breach, specific procedures must follow in order to address the breach and try to backtrack it.
Contain the incident immediately to prevent possible collateral damage. This may mean revoking user accounts, blocking access at the firewall or updating antivirus rules to catch the malicious code. This requires proper identification of the incident and adequate preparation with appropriate tools and procedures already in place.
Eradication & Recovery
Get rid of the malicious code, unauthorized account, or bad employee that caused the incident. Make sure the system meets company standards or baselines, before returning it to service. Systems monitoring has to be continued for any aberrant behavior to be certain that an incident is fully resolved. Furthermore, our team can assist with recovering data lost or deleted during the incident.