Building a solid Risk Management strategy in today’s workplace goes far beyond the traditional activities of Network Security Management. In recent years, medium-sized companies have had structured Information Systems security with the introduction of internal auditing.
Internal Information Systems Auditing consists of a systematic process of verifying the compliance of information systems as provided for by rules, regulations or internal policies. Vulnerability Assessment is a series of practical or intellectual services that supports the company or the group of auditors in the discovery, identification and mitigation of Information System vulnerabilities.
Vulnerability Assessment plays a critical role in Vulnerability Management because the tools available to meet the needs of Security Configuration Assessment are increasing and act on newly developed areas such as virtualized environments, cloud computing and mobile access.
Specialized Vulnerability Assessment and Penetration Testing activities in the following areas.
Network/Infrastructure: Check the security level of wired networks, wireless, servers and endpoints in accordance with OSSTMM ISECOM methodology.
Application: Check the security level of business applications in accordance with the methodology established by the International Scientific Community and summarized within the Open Web Application Security Project (OWASP).
Endpoint Protection Assessment: Verification of the effectiveness of endpoint protection through customized testing of your organization’s infrastructure.
Monitoring and prevention: advanced SIEM solutions for collection, correlation and generation of security alarms. Custom solutions for the prevention of early cyber threat warning.