Tailored Security

Our tailored security is all about precision security designed
to excel your business needs and requirements.

SECURITY COMPLIANCE & CONSULTING

With our partners S-Blox aim to help organizations that find it difficult to establish a solid security foundation. We cover a range of consultancy; from risk and compliance advice through to establishing a full security management system, that can be used to gain security certification.

  • Can fill CISO roles to manage all aspects of security
  • Help meet compliance requirements, commonly ISO27001 and PCI DSS
  • Security policy review and authoring
  • From technical through security management consulting
SECURITY COMPLIANCE & CONSULTING

INFRASTRUCTURE PENETRATION TESTING

We mimic the techniques that real attackers would use to gain unauthorised access to your systems that could be exploited to lead to a data breach. Focus is on the network and operating system level to identify security configuration and out-of-date software issues.

  • Identify opportunities to gain access to critical data and systems
  • Both Internal (within your network) & external (internet) testing perspectives
  • Security test the IT systems that your customers and staff use
  • Testing can be decided by the criticality of your information and your risk appetite or on specific systems
INFRASTRUCTURE PENETRATION TESTING

WEB APPLICATION SECURITY TESTING

We aim to identify opportunities where unauthorised or legitimate users, can perform an action that will expose your information using your web applications. Examples of web applications include customer portals and e-commerce websites.

  • Find opportunities to defraud
  • Technical as well as business logic testing
  • Identify opportunities to attack your users
  • OWASP Top Ten included
WEB APPLICATION SECURITY TESTING

MOBILE APPLICATION SECURITY TESTING

A Mobile Application Security Test service is an assessment of the security of mobile applications to test whether the information that it stores, processes and transmits is secure.

  • Find opportunities to defraud
  • Assess personal details, critical information, and storage options on the mobile devices
  • iOS and Android mobile applications are security tested (including tablets and phones)
  • Security testing conducted on the mobile device to the backend server
  • Testing to OWASP Mobile Top Ten
MOBILE APPLICATION SECURITY TESTING

ONLINE EXPOSURE ASSESSMENT

An Online Exposure Assessment identifies the type and amount of information that is publicly available on your organisation and how this could be used by an attacker to gain unauthorised access to your systems.

  • Identifies information that can be used for social engineering and phishing attacks
  • To help you understand the implications of the information gathered attack scenarios will be devised
  • Detailed review of all information available on the internet
  • Information gathered includes email addresses, office floor plans, technical details (network diagrams), confidential corporate information (mergers and acquisitions & financial data)
ONLINE EXPOSURE ASSESSMENT

FIREWALL RULEBASE REVIEW

Firewalls are reviewed comparing the rulebase and configuration to your organisation’s security policies as well as to security best practise.

  • Can be approached with a consultative perspective or without prior business knowledge
  • Firewall rulebase understood in terms of its context rather than as a standalone exercise
  • Short medium and long strategies provided to meet your security goals
  • Performed on all firewall technologies

FURTHER SECURITY TESTING SERVICES

Wireless Penetration Testing
From finding rogue wireless access points, performing network segregation testing (Guest to Corporate) and security testing the security of wireless networks.

System Breakout Testing
Identifies methods that a user could circumvent measures put in place to deny or restrict access to particular applications and areas of the network on virtual environments such as Citrix.

Host Security Build Review
Technical security reviews are conducted on database software (such as Oracle, MS SQL Server) and operating systems (such as Windows, Linux) to identify weaknesses that could be exploited as well as assessing departure from best practice.

Security Architecture Assessment
The network will be assessed for it’s suitability to host and transmit the criticality of the data. This can be performed at design to implementation stages.

SECURITY COMPLIANCE & CONSULTING

READINESS
The Security Bureau prepares you for incidents that are likely to affect you. We aim to plan for incidents to minimise the impact and prepare you to getting back to business as usual as soon as possible.

RESPONSE
The Security Bureau can respond to incidents to help you recover from this. We partner with leading legal and PR companies to limit your exposure to unwanted media attention and legal issues.

  • Assessing readiness to any security incident; accidental loss or data breach
  • Board to technical real-world simulations
  • Analysis and consultation of current incident response plans
  • PR and legal partners to provide expert advice - partners include Olswang
SECURITY COMPLIANCE & CONSULTING