BASIC PILLARS OF SCI RISK APROACH STRATEGY
SECURITY: A secure company should focus on protecting the most risk-sensitive resources which are critical to its performance and image.
SURVEILLANCE: To establish a general awareness of permament risk across the organization. To develop some behaviour patterns that could predict risky situations.
RESILIENCE: To have the ability to contain the damages quickly and mobilize the necessary resources in order to minimize impacts.
TRAINING: Inadequate training of internal employees or collaborators on various types of profiles may cause that all applied efforts both technical and human would come to nothing.
PERSISTENCE: The security of your assets, today protected, within a few months, weeks, even days may no longer be so. Classical audits are no longer sufficient. An audit without persistence has an expiration date with an increasingly shorter length. New attack methods and threats that emerge every day make that the automated solutions provided by other companies do not allow facing up to this dynamics on equal terms. SCI customizes persistence by analysing each individual case and emphasizing the human factor as essential point.
WHO CAN BENEFIT FROM OUR SERVICES?
Large, medium and small organizations from all areas and sectors that want to improve and protect their business continuity, protect their customers and suppliers’ reputation as well as their own.
Those organizations that want to take proactive measures to identify which of their assets are most vulnerable, to understand why they can be compromised and use this information to improve their processes when making decisions.
SCI has its own and exclusive methodologies (R&D) for implementing solutions, in compliance with quality standards that guarantee the proper development of a comprehensive security project at all stages, as well as its sustainability in the future.
This sustainability is based on risk identification and rating, taking into account the specific typology and conditions of each business or scope of action, planning accordingly all its development. Everything will be much more effective if it is conceived and designed considering the activity or business in particular and not using it simply as the same regular pattern for all situations*.
*Nowadays most companies in the same sector base their methodology on the result of information extracted through fully automated tools, of wich a consultant may have neither made a correct interpretation and assessment, nor taken into consideration the real needs of the audited company, by simply processing massive data.
Solutions and services that enable your company to meet all needs in terms of security, integrity, prevention, correction, contingengy and persistence.
• Black box audit (external)
• White/Gray box audit (internal)
• Web application audit
• Security incidents response
• Computer forensics
• Data loss prevention audit (DLP)
• WIFI, RDIF, VoIP, Satellite audit
• APT analysis (persistent threats)
• APPS and source code audit
• BYOD,MDM audit and policies
• Security policies audit
• Social engineering audit
• SSL/TLS audit (certificates)
• Stress test audit, DoS test
• IDS,IPS,FW,VPN and WAF layers audit
• Indentity Management analisys (IAM)
• Cloud services and SaaS analysis
• Visibility analysis
• Analysis of false positives and negatives
• Active Directory, GPO, … analysis
• LSSI, GDPR, PCI•DSS compliance
• Perimeter security
Integration and implementation of specific logical security software.
• Monitoring software
• Alert software
• Control software
Customized training and risk awareness adapted to the expertise of each profile among the users who work for the company.
WTI ‘Web Security Technical Inspection’ is a seal guaranteeing that your website is free from vulnerabilities against possible attacks and threats from cyber criminals.
A quality label that will help you to convey professionalism, reliability and formality and therefore to increase the confidence of the users who browse on your website.
When potential customers visit a web page, they want to find symbols which can provide an image of credibility and web security. This kind of seal is the third element that generates stronger confidence to any website users.
In order to get this seal, the interested company shall pass a thorough security control analysis based on the 10 most important vulnerabilities marked by the OWASP Foundation, a world reference in the sector of the application of methodologies focused on risk analysis for websites.
Control points and risk analysis:
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
• Have a safe website, forget topics such as cyber security and just focus on your professional activities.
• Submit your website to an analysis of the most critical control points and with the highest rate of vulnerabilities regarding current global statistics.
• Provide a professional and confident image to your customers.
• Prevent anything that might damage the reputation and image of your company, such as information leakage, changes on your website appearance, redirects to other web pages…
• Stand out as a transparent company which is concerned with information security.
• Compliance with the quality standards on security measures of your website.
• We will detect security flaws against possible new threats maintaining a constant vigilance**
How to request and obtain this seal:
1.- Request us a commercial proposal and we will adapt it to the size and needs of your website.
2.- After acceptance of the proposal, we will both sign a confidentiality agreement for the processing of data as well as the use of good practices to ensure the appropriate development of the project.
3.- We will analyse your website and submit a results report*.
4.- If the analysis is correct, we will deliver you the WTI seal, a detailed report and we will issue an online certificate so that anyone can see that your website meets all the quality standards concerning security.
To request a business proposal, please contact us.