|
Our information security consulting service identify vulnerabilities and reduce risk to business assets:
| Security audits |
Assessment and auditing of web applications, servers, networks and wireless access points for compliance with standards such as ISO 27001 and accepted best practices. |
| Vulnerability assessment |
Penetration tests and vulnerability scanning to identify and fix high risk weaknesses of networks, servers and application. |
| Web application testing |
Hands-on and automated testing of web applications, including checking for cross-site scripting, SQL injection and vulnerabilties in application logic. |
| Incident handling |
Containment of network intrusions and malware outbreak, recovery and prevention. Development of incident handling policies, procedures, toolkits,and staff training to reduce damage and downtime.
|
| Hardening |
Securing servers, networks, databases, DNS and other critical services to meet compliance requirements, reduce vulnerabilities, detect intrusions, and reduce the damage attackers can do.
|
| Education and training |
Security training, awareness sessions and mentoring for management, staff and end users. We can develop comprehensive training programs and written material to meet your specific needs and also provide on-site delivery by a certified security instructor.
|
| Policy and procedures |
Review and updating of current security policies and procedures and development of new ones, especially to comply with standards such as ISO 27001, MITS, Controlled Goods Program and PCI DSS. |
Information security doesn't need to be expensive. Nor does improving security have to result in a loss of productivity for users. We use risk management methodologies that effectively balances the value of business assets with the cost and effort needed to secure them.
Our approach is to a develop realistic and effective risk reduction strategy tailored to your specific needs and tolerance of risk. Many of our clients are small and medium-sized businesses so our solutions are very sensitive to costs.
We work with all stakeholders to implement appropriate controls. Technical controls like web application firewalls and malware protection are only part of a solution: we also address risk through improvements to policies, procedures, training and awareness.
|
