Identify, Protect, Detect, Respond, Recover
Vulnerability Assessment & Penetration Test
HOW DOES IT WORK?
Source Code Analysis
This type of analysis is not simply automated code debugging: by looking at the broader perspective of the application environment, the aim is to find bugs and faults that may not be obvious to a programmer. It is meant to find faults such as possible buffer overflows, untidy use of pointers and misuse of garbage collection functions, all of which may be exploitable by a hacker.
Gap Analysis is the examination of the actual security level against the potential or desired risk level, compared against best practices and current law. The current state (As Is) is depicted and the steps to reach the expected state (To Be) are described. The methodology uses references such as ISO 27001 and NIST.
In its most basic form, it is the analysis of the risk to an organization’s digital resiliency. As an organization extends its social media presence, web presence, mobile application capabilities, etc. and has a greater dependency on that digital footprint to achieve its revenue goals or mission, its digital risk increases. Digital risk extends beyond the traditional view of cyber threat intelligence tools and technologies, e.g. OSINT, SOCMINT.
In order to increase the ability of end users to spot fake or potentially harmful messages, via email or other media, it is mandatory to test your employees with generic or spear phishing attacks and to evaluate their response; this activity allows the company to assess the related security risk.
Employees are part of an organization’s attack surface, and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. Security awareness training is not a one-and-done exercise. Regular security training through multiple media is ideal.