VAPT (Vulnerability Assessment & Penetration Testing) – conducting ethical hacking on your information systems and IT infrastructures (extensively on the networks, web applications and systems used in your business). Testing can be performed white-box (with knowledge of the target’s internals) or black-box (without).
Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing.
The tests have different strengths and are often combined to achieve a more complete vulnerability analysis. In short, Penetration Testing and Vulnerability Assessments perform two different tasks, usually with different results, within the same area of focus.
Vulnerability assessment tools discover which vulnerabilities are present, but they do not differentiate between flaws that can be exploited to cause damage and those that cannot.
Vulnerability scanners alert companies to known flaws in their systems and software and where they are located. Penetration tests attempt to exploit the vulnerabilities in a system to determine whether unauthorized access or other malicious activity is possible, and identify which flaws pose a real threat to the application. Penetration tests find exploitable flaws and measure the severity of each. A penetration test is meant to show how damaging a flaw could be in a real attack rather than to find every flaw in a system; a scanner finding should be treated as unconfirmed until it has been validated by exploitation or manual review. Together, penetration testing and vulnerability assessment tools provide a detailed picture of the flaws that exist in an application and the risks associated with those flaws.
Digital Forensics – investigating cybercrimes against your business by gathering evidence, carrying out data recovery for deleted and formatted data, and tracing offensive e-mails online for information gathering.
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts (in civil matters as part of the electronic discovery process).
Forensics may also feature in the private sector; such as during internal corporate investigations or intrusion investigation (a specialist probes into the nature and extent of an unauthorized network intrusion).
The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.
As well as identifying direct evidence of a crime, digital forensics can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources (for example, in copyright cases), or authenticate documents. Investigations are much broader in scope than other areas of forensic analysis (where the usual aim is to provide answers to a series of simpler questions) often involving complex time-lines or hypotheses.
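The acquisition and recovery steps described above, as an added example that is not part of the original page: the image is hashed at acquisition so a working copy can be verified later, and deleted files are recovered by carving on header and footer signatures. IMAGE, JPEG_BYTES and PNG_BYTES are constructed in-line to stand in for a raw disk image whose directory entries for two files are assumed to be gone; the signature table and function names are this example's own.

```python
"""Added example (not from the original page): acquisition hashing and file carving.

IMAGE stands in for a raw disk image. The two embedded files are assumed to
have been deleted (no file-system entry points at them), so they can only be
recovered by scanning for their header/footer signatures.
"""
import hashlib
import struct
import zlib

# Constructed sample files: a minimal JPEG (SOI ... EOI) and a minimal PNG
# (signature, IHDR chunk, IEND chunk carrying its real CRC 0xAE426082).
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"J" * 40 + b"\xff\xd9"
PNG_BYTES = (b"\x89PNG\r\n\x1a\n"
             + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"\x00" * 4
             + b"\x00\x00\x00\x00IEND\xaeB`\x82")
IMAGE = b"\x00" * 512 + JPEG_BYTES + b"\xff" * 300 + PNG_BYTES + b"\x00" * 512

# header, footer, and how many bytes from the footer's start belong to the file
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 2),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 8),   # IEND type + 4-byte CRC
}


def acquire(image: bytes) -> dict:
    """Record what the examiner notes at acquisition time: size and SHA-256."""
    return {"size": len(image), "sha256": hashlib.sha256(image).hexdigest()}


def verify(image: bytes, record: dict) -> bool:
    """Re-hash a working copy and compare it with the acquisition record."""
    return (len(image) == record["size"]
            and hashlib.sha256(image).hexdigest() == record["sha256"])


def _png_iend_valid(data: bytes) -> bool:
    """A carved PNG should end with an IEND chunk whose CRC matches."""
    expected = zlib.crc32(b"IEND") & 0xFFFFFFFF
    return data[-8:-4] == b"IEND" and struct.unpack(">I", data[-4:])[0] == expected


def carve(image: bytes) -> list:
    """Scan the image for known headers and cut out each header..footer span."""
    found = []
    for kind, (header, footer, tail) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header))
            if end == -1:            # header with no footer: truncated file, stop
                break
            end += tail
            data = image[start:end]
            found.append({
                "type": kind,
                "offset": start,
                "length": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),  # hash each recovered artefact too
                "valid": _png_iend_valid(data) if kind == "png" else True,
                "data": data,
            })
            pos = end
    return sorted(found, key=lambda f: f["offset"])


if __name__ == "__main__":
    record = acquire(IMAGE)
    print("working copy matches acquisition hash:", verify(IMAGE, record))
    for f in carve(IMAGE):
        print(f"{f['type']} at offset {f['offset']} ({f['length']} bytes) valid={f['valid']}")
```

The PNG footer check is the kind of structural validation a real carver needs: the JPEG end marker FF D9 can legitimately occur inside image data (embedded thumbnails, for instance), so a production carver parses the format rather than trusting the first footer it finds.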
Security Operations Centre – implementing measures against cyber terrorism and online radicalization, and providing cyber intelligence for financial institutions, the military and police. Protecting information systems and IT infrastructures from hostile actors using SIEM tools.
An information security operations centre (or “SOC”) is a location where enterprise information systems (web sites, applications, databases, data centres and servers, networks, desktops and other endpoints) are monitored, assessed, and defended. A security operations centre (SOC) may also be called a security defence centre (SDC), security analytics centre (SAC), network security operations centre (NSOC), security intelligence centre, cyber security centre, threat defence centre, or security intelligence and operations centre (SIOC).
A SOC comprises the people, processes and technologies involved in providing situational awareness through the detection, containment, and remediation of IT threats. A SOC manages incidents for the enterprise, ensuring they are properly identified, analysed, communicated, actioned/defended, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (an event) and determine whether it is a real, malicious threat (an incident), and whether it could have a business impact.
SOCs typically are based around a security information and event management (SIEM) system which aggregates and correlates data from security feeds such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; web site assessment and monitoring systems, application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention system (IPS); log management systems; network behaviour analysis and threat intelligence; wireless intrusion prevention system; firewalls, enterprise antivirus and unified threat management (UTM). The SIEM technology creates a “single pane of glass” for the security analysts to monitor the enterprise.
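What the SIEM's aggregation and correlation actually look like, as an added example that is not from the original page or any SIEM product: raw syslog lines are normalised into one event schema, then a stateful rule keyed on source address raises a medium alert on a burst of failed SSH logins and a high alert when the same source then logs in successfully. LOG_LINES is constructed sample data (RFC 5737 documentation addresses); the line pattern, rule names, thresholds and window are this example's own choices.

```python
"""Added example (not from the original page): a SIEM-style correlation rule.

Raw sshd lines are normalised into a common event schema and fed to a
sliding-window rule. LOG_LINES is constructed sample data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_LINES = """\
Mar 10 08:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 08:00:05 web01 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 10 08:00:06 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:00:08 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:00:09 web01 sshd[1206]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:30:00 db01 sshd[2001]: Failed password for alice from 198.51.100.5 port 40000 ssh2
Mar 10 09:10:00 db01 sshd[2002]: Accepted password for alice from 198.51.100.5 port 40001 ssh2
""".splitlines()

# Illustrative pattern for OpenSSH-style auth lines; a real SIEM ships one parser per source.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<action>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def normalise(line: str):
    """Map one raw line onto the common schema; None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")  # year-less syslog stamp
    return ev


def correlate(lines, threshold=5, window=timedelta(seconds=120)):
    """Per-source sliding window of failures; success after a burst escalates."""
    recent_failures = defaultdict(deque)   # src -> timestamps of failures inside the window
    alerts = []
    for line in lines:
        ev = normalise(line)
        if ev is None:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # expire failures older than the window
            q.popleft()
        if ev["action"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:              # fire once per burst, not on every extra failure
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "src": ev["src"], "host": ev["host"], "ts": ev["ts"]})
        else:  # Accepted
            if len(q) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_success", "severity": "high",
                               "src": ev["src"], "host": ev["host"],
                               "user": ev["user"], "ts": ev["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in correlate(LOG_LINES):
        print(a["severity"].upper(), a["rule"], a["src"], a.get("user", ""), a["ts"].time())
```

The single failure from 198.51.100.5 forty minutes before its successful login falls outside the window and produces nothing, which is the point of correlating in time rather than counting failures globally.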
Cyber Security – eliminating child sexual abuse material from society, and pornography from business environments. Countering cybercrimes such as human trafficking, online bullying and cyber stalking.
Secure Coding – conducting application and software testing to find and eliminate security flaws and bugs. Making sure the development of information systems meets its security standards.
Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have found that most vulnerabilities stem from a relatively small number of common programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to significantly reduce or eliminate vulnerabilities in software before deployment.
Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but are not limited to, the process of executing a program or application with the intent of finding software bugs (errors or other defects).
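One of those "small number of common programming errors", as an added example that is not from the original page: the same login check written with string formatting (injectable) and with bound parameters (not). The users table, the hash values and the injected inputs are constructed for the demonstration; password_hash stands in for a salted hash the application is assumed to store.

```python
"""Added example (not from the original page): SQL injection, vulnerable and hardened.

The in-memory table and the attacker inputs are constructed for the demo.
"""
import hmac
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash_a"), ("bob", "hash_b")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> bool:
    # Building the statement by string formatting lets user input become SQL syntax:
    # username = "alice' --" comments out the password clause entirely.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username: str, password_hash: str) -> bool:
    # Bound parameters are passed as data and can never change the query's structure.
    # The secret comparison is done in constant time in code, not in SQL.
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], password_hash)


if __name__ == "__main__":
    db = make_db()
    for payload in ("alice' --", "' OR 1=1 --"):     # constructed attacker inputs
        print(repr(payload), "vulnerable:", login_vulnerable(db, payload, "wrong"),
              "safe:", login_safe(db, payload, "wrong"))
```

Testing for this class of flaw is mechanical once the pattern is known: any query assembled from request data with formatting or concatenation is a finding, regardless of whether a working payload has been found yet.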
Physical Security – implementing access controls on business premises such as smartcards, device tracking, CCTV cameras and other surveillance devices. Installing home security systems that let appliances and devices be controlled from a remote location.
Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks). Physical security involves the use of multiple layers of interdependent systems which include CCTV surveillance, security guards, protective barriers, locks, access control protocols, and many other techniques.
Physical security systems for protected facilities are generally intended to deter potential intruders (e.g. warning signs and perimeter markings); detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and trigger appropriate incident responses (e.g. by security guards and police).
It is up to security designers, architects and analysts to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls, along with broader issues such as aesthetics, human rights, health and safety, and societal norms or conventions. Physical access security measures that are appropriate for a high security prison or a military site may be inappropriate in an office, a home or a vehicle, although the principles are similar.
Malware Analysis – studying and removing viruses, Trojans, worms, spyware, ransomware and other malware from information systems and data storage, through the process of reverse engineering.
Malware, or malicious software, is software written in any programming language with the intent to harm the host operating system or to steal sensitive data from users, organizations or companies. Malware analysis is the study of a piece of malware by dissecting its components and studying its behaviour on the host computer’s operating system.
Malware analysis is a branch of reverse engineering. Reverse engineering itself has many sub-domains, from binary auditing, exploit development, intellectual property and algorithm analysis, to encryption analysis, protocol analysis and data format analysis, among others. Many of the tools and techniques were created in tandem with the underground community of software crackers (+ORC/The Scene) and malware writers, and that legacy is very rich.
There are two main techniques of malware analysis:
Static Malware Analysis: This is usually done by dissecting the different resources of the binary file and studying each component, without executing it. The binary file can also be disassembled using a disassembler such as IDA: the machine code is translated into assembly code that can be read by humans, and a malware analyst can then make sense of the assembly instructions and build a picture of what the program is meant to do. From this the analyst can work out how to defeat the malware and clean the infected system. Packed or obfuscated samples hide most of their code and strings from static inspection until they are unpacked, which is one reason static analysis is usually paired with dynamic analysis.
Dynamic Malware Analysis: This is done by watching and logging the behaviour of the malware while it runs on a host. Virtual machines and sandboxes are used extensively for this type of analysis. The malware can be stepped through under a debugger such as GDB or WinDbg to watch its behaviour instruction by instruction and observe the live effects on memory. Many samples check for virtual machines or attached debuggers and change their behaviour when they detect one, so the analysis environment itself must be checked for such evasion.
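The first static triage steps an analyst runs before opening a disassembler, as an added example that is not from the original page: hash the sample, pull printable strings and indicators out of it, and measure entropy per chunk so that a packed or encrypted payload stands out. SAMPLE is constructed in-line (a repeated x86 prologue as the "code", a strings region, and a high-entropy region standing in for a packed payload); the IOC patterns, chunk size and 7.0 threshold are this example's own illustrative choices, and a real tool would compute entropy per PE section rather than per fixed chunk.

```python
"""Added example (not from the original page): static triage of a sample.

SAMPLE is a constructed stand-in for an executable; see the region comments.
"""
import hashlib
import math
import re
from collections import Counter

PROLOGUE = b"\x55\x8b\xec\x83\xec\x10\x90\x90"   # push ebp; mov ebp,esp; sub esp,0x10; nop; nop
CODE_REGION = PROLOGUE * 128                      # 1024 bytes of very low entropy "code"
STRINGS_REGION = (b"\x00" * 16
                  + b"http://203.0.113.9/update.php\x00"
                  + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
                  + b"cmd.exe /c whoami\x00").ljust(1024, b"\x00")
# 4096 deterministic high-entropy bytes playing the part of a packed payload
PACKED_REGION = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE = CODE_REGION + STRINGS_REGION + PACKED_REGION

IOC_PATTERNS = {
    "url": re.compile(r"https?://[\w.-]+(?:/[\w./-]*)?"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry_key": re.compile(r"HK(?:LM|CU)\\[\w\\ ]+"),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 means compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII, like the Unix strings(1) tool."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(sample: bytes, chunk: int = 1024, packed_threshold: float = 7.0) -> dict:
    strings = extract_strings(sample)
    iocs = {name: sorted({m.group() for s in strings for m in pat.finditer(s)})
            for name, pat in IOC_PATTERNS.items()}
    entropies = [shannon_entropy(sample[i:i + chunk]) for i in range(0, len(sample), chunk)]
    return {
        "sha256": hashlib.sha256(sample).hexdigest(),
        "strings": strings,
        "iocs": iocs,
        "chunk_entropy": entropies,
        "likely_packed": any(e >= packed_threshold for e in entropies),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["sha256"], "likely packed:", report["likely_packed"])
    print("entropy per 1 KiB chunk:", [round(e, 2) for e in report["chunk_entropy"]])
    for kind, values in report["iocs"].items():
        print(kind, values)
```

The strings and indicators here are visible only because the constructed sample leaves them in the clear; in a packed sample they sit inside the high-entropy region and appear only after unpacking or in a memory dump taken during dynamic analysis.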
Patch Management – carrying out updates, upgrades, hotfixes and security patches on information systems, operating systems and installed software. Implementing an anti-virus environment to eliminate malicious code and software.
Cryptography – scrambling data and communication by encryption to ensure the integrity and confidentiality of data and transmission. Cryptography (or cryptology) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).
More generally, it is about constructing and analysing protocols that block adversaries; various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same.
Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted.
There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power—an example is the one-time pad—but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.
The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography’s potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and piracy of digital media.
Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext).
Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a “key”. This is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. Formally, a “cryptosystem” is the ordered list of elements of finite possible plaintexts, finite possible ciphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks.
Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations.
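The points above about the one-time pad, about keys, and about ciphers used "without additional procedures such as authentication or integrity checks", carried through in code as an added example that is not from the original page: a one-time pad is unbreakable only while its key is random, as long as the message and never reused; reusing it lets known plaintext in one message reveal the other; and even a correctly used pad lets an attacker flip chosen plaintext bits, which an encrypt-then-MAC wrapper (HMAC-SHA256 here) detects. Messages and keys are constructed for the demonstration, and the MAC key is assumed to be independent of the pad.

```python
"""Added example (not from the original page): one-time pad, key reuse,
malleability, and an encrypt-then-MAC wrapper that detects tampering.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 32   # HMAC-SHA256 output length


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """Information-theoretically secure only if the pad is uniformly random,
    at least as long as the message, and never used twice."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(pad, plaintext)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def flip_plaintext(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Malleability: an attacker who knows the plaintext bytes at `offset` can,
    without the pad, make the recipient decrypt `desired` there instead."""
    ct = bytearray(ciphertext)
    for i, d in enumerate(xor_bytes(known, desired)):
        ct[offset + i] ^= d
    return bytes(ct)


def crib_drag(ct1: bytes, ct2: bytes, known_pt1: bytes, offset: int) -> bytes:
    """Key reuse: ct1 XOR ct2 == pt1 XOR pt2, so known plaintext in message 1
    reveals the bytes of message 2 at the same offset."""
    ct_xor = xor_bytes(ct1, ct2)[offset:offset + len(known_pt1)]
    return xor_bytes(ct_xor, known_pt1)


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: tag the ciphertext so any change is caught before decryption."""
    ct = otp_encrypt(pad, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(pad: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):      # constant-time comparison
        raise ValueError("authentication failed: ciphertext was modified")
    return otp_decrypt(pad, ct)


if __name__ == "__main__":
    msg = b"PAY alice 0100 USD"
    pad = secrets.token_bytes(len(msg))
    ct = otp_encrypt(pad, msg)
    forged = flip_plaintext(ct, 10, b"0100", b"9900")     # attacker never sees the pad
    print("plain OTP, forged ciphertext decrypts to:", otp_decrypt(pad, forged))
    mac_key = secrets.token_bytes(32)
    sealed = seal(pad, mac_key, msg)
    try:
        open_sealed(pad, mac_key, flip_plaintext(sealed, 10, b"0100", b"9900"))
    except ValueError as e:
        print("sealed version:", e)
```

The HMAC makes the scheme computationally rather than information-theoretically secure for integrity, which is the usual trade: confidentiality from the pad, integrity from a keyed hash, each with its own independent key.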
System Audit – IT audits are also known as “automated data processing (ADP) audits” and “computer audits”. They were formerly called “electronic data processing (EDP) audits”. IT systems and infrastructures are audited against standards, frameworks and regulations such as ISO 27001, the NIST frameworks, PCI DSS and SOX.
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
An IT audit is different from a financial statement audit. While a financial audit’s purpose is to evaluate whether an organization is adhering to standard accounting practices, the purposes of an IT audit are to evaluate the system’s internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight. Installing controls is necessary but not sufficient to provide adequate security. People responsible for security must consider whether the controls are installed as intended, whether they are effective, whether any breach in security has occurred and, if so, what actions can be taken to prevent future breaches. These inquiries must be answered by independent and unbiased observers. These observers are performing the task of information systems auditing. In an Information Systems (IS) environment, an audit is an examination of information systems, their inputs, outputs, and processing.
The primary functions of an IT audit are to evaluate the systems that are in place to guard an organization’s information. Specifically, information technology audits are used to evaluate the organization’s ability to protect its information assets and to properly dispense information to authorized parties. The IT audit aims to evaluate the following: Will the organization’s computer systems be available for the business at all times when required? (Known as availability); Will the information in the systems be disclosed only to authorized users? (Known as security and confidentiality); Will the information provided by the system always be accurate, reliable, and timely? (Measures the integrity). In this way, the audit hopes to assess the risk to the company’s valuable asset (its information) and establish methods of minimizing those risks.
Biometrics – installing biometric devices for access controls (both physical and logical access) into critical areas of businesses. Biometrics refers to metrics related to human characteristics.
Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.
Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological versus behavioural characteristics. Physiological characteristics are related to the shape of the body. Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent. Behavioural characteristics are related to the pattern of behaviour of a person, including but not limited to typing rhythm, gait, and voice.
Some researchers have coined the term behaviometrics to describe the latter class of biometrics.
More traditional means of access control include token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number. Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information. Two further caveats apply in practice: a compromised biometric cannot be revoked and replaced the way a password or token can, and biometric matching is probabilistic, so each system has to be tuned to an acceptable trade-off between false acceptances and false rejections.
Network Security Monitoring – designing and deploying operations to detect adversaries, respond to their activities, and contain them before they can accomplish their mission. As a system (a strategy-and-tactics-based operation) NSM gives you the ability to detect, respond to, and contain intruders. Intruders can evade control measures that block, filter and deny malicious activity; NSM monitors, logs and alerts on the activity that gets past them.
Network security is not simply about building impenetrable walls: determined attackers will eventually overcome traditional defences. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
Are you frustrated by the operation of your intrusion-detection system (IDS)? The answer is network security monitoring (NSM). NSM is the collection, analysis and escalation of indications and warnings to detect and respond to intrusions. NSM is not an IDS, although it relies on IDS-like products as part of an integrated data collection and analysis suite. NSM involves collecting the full spectrum of data types (event, session, full content and statistical) needed to identify and validate intrusions.
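Two of the NSM data types named above, session and statistical, as an added example that is not from the original page or any NSM tool: packet records are folded into session (flow) records, then a statistical check over those sessions flags a client that reconnects to the same server at near-constant intervals, the signature of malware beaconing to a controller that an IDS signature would miss. PACKETS is constructed (RFC 1918 and RFC 5737 example addresses), and the "at least five sessions, coefficient of variation of the gaps at most 0.1" rule is this example's own illustrative threshold.

```python
"""Added example (not from the original page): session data from packets,
and a statistical beacon check over the sessions.

PACKETS is constructed: one workstation contacts 203.0.113.50:443 every
~60 s (a beacon) and browses 198.51.100.20 at irregular times.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int


def _tcp_exchange(t0, client, sport, server, dport, n=4, size=300):
    """Constructed n-packet exchange alternating client->server / server->client."""
    pkts = []
    for i in range(n):
        if i % 2 == 0:
            pkts.append(Packet(t0 + i * 0.01, client, sport, server, dport, "tcp", size))
        else:
            pkts.append(Packet(t0 + i * 0.01, server, dport, client, sport, "tcp", size))
    return pkts


PACKETS = []
for i in range(6):   # beacon: every 60 s with +-0.5 s of jitter
    PACKETS += _tcp_exchange(1000 + 60 * i + 0.5 * (i % 2), "10.0.0.5", 40000 + i, "203.0.113.50", 443)
for i, t in enumerate([1005, 1012, 1090, 1400, 1410]):   # ordinary, irregular browsing
    PACKETS += _tcp_exchange(t, "10.0.0.5", 50000 + i, "198.51.100.20", 443)


def build_sessions(packets):
    """Session records: one per 5-tuple with both directions merged;
    the first sender is treated as the client."""
    sessions = {}
    for p in sorted(packets, key=lambda p: p.ts):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        key = fwd if fwd in sessions else (rev if rev in sessions else fwd)
        s = sessions.setdefault(key, {"client": key[0], "server": key[2], "dport": key[3],
                                      "proto": key[4], "start": p.ts, "end": p.ts,
                                      "packets": 0, "bytes": 0})
        s["end"] = p.ts
        s["packets"] += 1
        s["bytes"] += p.size
    return list(sessions.values())


def find_beacons(sessions, min_sessions=5, max_cv=0.1):
    """Statistical data: clients that reconnect to one server at near-constant
    intervals, i.e. a low coefficient of variation of the gaps between starts."""
    starts = defaultdict(list)
    for s in sessions:
        starts[(s["client"], s["server"], s["dport"])].append(s["start"])
    findings = []
    for (client, server, dport), ts in starts.items():
        if len(ts) < min_sessions:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            findings.append({"client": client, "server": server, "dport": dport,
                             "sessions": len(ts), "mean_gap": mean(gaps), "cv": cv})
    return findings


if __name__ == "__main__":
    sessions = build_sessions(PACKETS)
    print(len(sessions), "sessions")
    for b in find_beacons(sessions):
        print(f"beacon: {b['client']} -> {b['server']}:{b['dport']} "
              f"every {b['mean_gap']:.1f}s (cv={b['cv']:.3f})")
```

Session records are small enough to keep for months, which is why this kind of retrospective check is possible long after the full-content capture has been discarded; the same records also answer "who else talked to that server" once a beacon is confirmed.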
A network operations centre (NOC), also known as a “network management centre”, is one or more locations from which network monitoring and control, or network management, is exercised over a computer, telecommunication or satellite network.
NOCs are implemented by business organizations, public utilities, universities, and government agencies that oversee complex networking environments that require high availability. NOC personnel are responsible for monitoring one or many networks for certain conditions that may require special attention to avoid degraded service. Organizations may operate more than one NOC, either to manage different networks or to provide geographic redundancy in the event of one site becoming unavailable.
In addition to monitoring internal and external networks of related infrastructure, NOCs can monitor social networks to get a head-start on disruptive events.
NOCs analyse problems, perform troubleshooting, communicate with site technicians and other NOCs, and track problems through resolution. When necessary, NOCs escalate problems to the appropriate stakeholders. For severe conditions that are impossible to anticipate, such as a power failure or a cut optical fibre cable, NOCs have procedures in place to immediately contact technicians to remedy the problem.
Primary responsibilities of NOC personnel may include: Network monitoring; Incident response; Communications management; and Reporting problems.
Business Continuity & Disaster Recovery Planning – virtualization of physical networks and operating systems, UPS installation, solar panels, inverters, carrying out on-site and off-site backups of data and storage systems. Installing detection and protection devices for hazards such as fire and theft.
A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster. It is “a comprehensive statement of consistent actions to be taken before, during and after a disaster.”
The disaster could be natural, environmental or man-made. Man-made disasters could be intentional (for example, an act of a terrorist) or unintentional (that is, accidental, such as the breakage of a man-made dam).
Given organizations’ increasing dependency on information technology to run their operations, a disaster recovery plan, sometimes erroneously called a Continuity of Operations Plan (COOP), is increasingly associated with the recovery of information technology data, assets, and facilities.
Like every insurance plan, there are benefits that can be obtained from drafting a disaster recovery plan. Some of these benefits are: providing a sense of security; minimizing the risk of delays; guaranteeing the reliability of standby systems; providing a standard for testing the plan; minimizing decision-making during a disaster; reducing potential legal liabilities; and reducing unnecessary stress in the work environment.
The management of business continuity falls largely within the sphere of risk management, with some cross-over into related fields such as governance, information security and compliance.
Risk is a core consideration since business continuity is primarily concerned with those business functions, operations, supplies, systems, relationships etc. that are critically important to achieve the organization’s operational objectives. Business Impact Analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, and in turn drives the priorities, planning, preparations and other business continuity management activities.
The foundation of business continuity is the standards, program development, and supporting policies, guidelines, and procedures needed to ensure a firm can continue without stoppage, irrespective of adverse circumstances or events. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or in some cases, system support.
Networking & Telecomm – specializing in the design and implementation of Local and Wide Area Networks for mid to large sized corporations, with the goal of increasing productivity and employee performance and improving workflow. Our hardware and networking tasks include sales, network surveys, installation and maintenance of computer systems; fibre optic installations; VSAT and wireless installation (WDS)/VPN, WIDS, access points and controllers; supply and installation of Private Automatic Branch Exchange (PABX) intercom systems for running hybrid business telephone and office phone systems; design and implementation of LANs (Local Area Networks) and WANs (Wide Area Networks); VoIP and intercom installations; and telecommuting and e-collaboration setup for companies.
Corporate Training – educating the private and public sectors on security issues and mechanisms. Keeping people up to date with the current state of IT security through security awareness.
People pose what is likely the single largest security vulnerability that we have, or will ever have, in any given system or environment. With most other security problems we can apply a patch, change a configuration, or pile on additional security infrastructure in order to fix the problem.
With people, we unfortunately cannot do this. People can be lazy, careless, or simply make honest mistakes, all the while circumventing our carefully planned security measures from the inside and leaving us wide open to attack. Although we can attempt to apply technical measures to keep untoward activity from taking place, and we can create policy that clearly points out correct and incorrect behaviour, such measures will be for naught if we do not impress upon people some small measure of awareness regarding the issues surrounding security, and train them in the proper behaviours that will keep them and the organization in which they operate on a better security footing.
Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually. Topics covered in security awareness training include:
– The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information
– Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements
– Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
– Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication
– Other computer security concerns, including malware, phishing, social engineering, etc.
– Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc.
– Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties
Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company’s computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the institution (information, physical, and personal) by trying to stop that from
According to the European Network and Information Security Agency, ‘Awareness of the risks and available safeguards is the first line of defence for the security of information systems and networks.’
‘The focus of Security Awareness consultancy should be to achieve a long term shift in the attitude of employees towards security, whilst promoting a cultural and behavioural change within an organisation. Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business.’
Consultancy Services – we run state-of-the-art research labs where we try out new things and solve problems that are vital for your services.
IT Service & Project Management – managing projects and making your business service-oriented with respect to quality, cost, time and resources.
General IT Solutions – software design, software unit testing, application development, multimedia production, web design, mobile technologies etc.