Identify, Protect, Detect, Respond, Recover
Vulnerability Assessment and Penetration Test
HOW DOES IT WORK?
Source Code Analysis
This type of analysis goes beyond basic automated code debugging: by looking at the broader perspective of the application environment, it aims to find bugs and faults that may not be obvious to a programmer, such as possible buffer overflows, careless use of pointers, and misuse of garbage-collection functions, all of which may be exploitable by an attacker.
Gap analysis is the examination of the actual security level against the potential or desired risk level, based on best practices and current law. The current state (As Is) is depicted and the steps needed to reach the expected state (To Be) are described. The methodology refers to standards such as ISO 27001 and NIST.
In its most basic form, digital risk is the analysis of the risk to an organization’s digital resiliency. As an organization extends its social media presence, web presence, mobile application capabilities, etc., and depends more heavily on that digital footprint to achieve its revenue goals or mission, its digital risk increases. Digital risk extends beyond the traditional view of cyber threat intelligence tools and technologies. Typical examples are OSINT and SOCMINT.
In order to increase the ability of end users to spot fake or potentially harmful messages, whether by email or other media, it is mandatory to test your employees with simulated generic or spear-phishing attacks and to evaluate their response; this activity allows the company to assess the related security risk.
Employees are part of an organization’s attack surface, and ensuring that they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. Security awareness training is not a one-and-done exercise; regular training delivered through multiple media is ideal.