IT Security

IT Security is in the business of making environments more secure. In today's world, we are guided to comply with industry-specific regulations. However, hackers have identified many vulnerabilities that expose our environments to issues which are not part of the compliance model.

This is where IT Security can bridge the gap between Compliance and Security. We offer complete auditing and assessment services, as well as remediation, to bring the organization into a better security posture. We review the security of our clients' networks, servers, applications and data, and we provide them with a Security Assessment Report including security vulnerabilities and recommendations to secure their systems and data. Our Security Action Plan provides a prioritized risk response executive summary of tasks that eliminate or reduce our clients' security risks.

 

IT Security Services Categories

  • Security Audit & Assessment Services
  • IT Audit
  • Penetration Test & Ethical Hacking
  • Web Application Security Assessment
  • Wireless LAN Security Assessment
  • Computer Forensic Services
  • Information Security Training
  • Other Services
  • Possession of Certifications

 

Security Audit & Assessment Services

We develop a test plan tailored to the customer's needs for the execution of non-intrusive security assessments. Fully documented testing procedures, findings, results and recommendations will be provided to customers.

  • Tailor made for Customer Requirement
  • Non-intrusive Way
  • Identify Potential Risks
  • Technical
  • Operational
  • General Control Review
  • Deliverables
  • Documentation
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

IT Audit

We develop a test plan tailored to the customer's needs, following a risk-based audit approach or COSO. Fully documented testing procedures, findings, results and recommendations will be provided to customers.

  • Tailor made for Customer Requirement
  • Risk based Audit Approach or COSO
  • Technical
  • Operational
  • IT Organization
  • Deliverables
  • Documentation
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

Penetration Test & Ethical Hacking

We develop a test plan tailored to the customer's needs for the execution of intrusive penetration tests. Fully documented testing procedures, findings, results and recommendations will be provided to customers.

  • Tailor made for Customer Requirement
  • Using Hacker Methodology & Tools
  • Simulate *TRUE* hacking attacks
  • Simulate Internal & External Hackers
  • Intrusive or Non-Intrusive Approach
  • Deliverables
  • Documentation
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

Web Application Security Assessment

We help customers assess the security of their web-based applications using a black box approach. Common web application security issues are assessed so that customers understand them, and we provide recommendations to fix their applications.

  • Identify Weakness in Web Applications
  • Cross Site Scripting (XSS)
  • SQL Injection
  • Session Hijacking
  • Weak Authentication
  • Dirty Configuration etc
  • Black Box or White Box Approaches
  • Intrusive or Non-Intrusive Options
  • Deliverables
  • Documentation
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

Wireless LAN Security Assessment

We will develop a test plan tailored to the customer's needs for WLAN security assessments. Rogue and evil twin access points can be identified and located. Wireless security settings will be evaluated.

  • Identify Weakness in Wireless LAN Deployment
  • Identify Rogue Access Points
  • Determine the Security Configuration of Access Points
  • WEP Key Cracking Test
  • Deliverables
  • Documentation
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

Computer Forensics Services

We provide forensic imaging, data recovery and analysis, and investigation services. The investigation scope covers disk, network, internet, email etc. to identify the source of problems and provide recommendations for further analysis and remediation.

  • Investigation of Computer Crime, Policy Violation, Intrusion and Fraud
  • Identify source of problem
  • Scope includes
  • Network, System, Internet, Email, Mobile Phone, PDA etc.
  • Services include
  • Forensic Imaging
  • Data Recovery
  • Data Analysis
  • Deliverables
  • Investigation Report
  • Evaluation Methods, Procedures, Findings, Results & Recommendations
  • Presentation

 

Information Security Training

We provide information security training such as IT Security Awareness, Ethical Hacking, Computer Forensics, CISA, CISSP, CEH, CHFI and CIFI, as well as customized training content to fit the customer's requirements.

  • Tailor Made for Customer Requirement
  • Standard Security Training Courses include
  • Information Security Awareness
  • Ethical Hacking
  • Computer Forensic Investigation
  • CISSP
  • CISA
  • CISM
  • CRP
  • ITIL/ISO20000
  • ISO27001
  • Writing Secure Code

 

Other Services

  • Business/Technical Consultation
  • Pre-Audit Rehearsal
  • System & Network Hardening
  • Security Solution Implementation
  • Security Policies Development

 
