• Security Audits
• Security Planning
• Information Security Management Systems
• Platforms & Services Security
• Security Operations Center
• Specialized Solutions

Security Diagnostics

Security Diagnostics is aimed at assessing the level of security of a certain organization and can basically be approached in two ways: The first requires performing an Information Systems Risk Analysis, while the second compares the level of security of an organization against a standard. The risk analysis is based on the use of qualitative and/or quantitative methods to determine the assets, their value, their vulnerabilities and the threats to which they are exposed in order to assess the risk involved. The second approach is based on the identification and attainment of pre-established levels of maturity, such as CObIT or ISO-17799, in the areas of Security and Information Technologies.

Vulnerability Audits

Vulnerability audits, also known as penetration tests, are used to ascertain an organization’s technological security state and the impact it might suffer from systematic exploitation of vulnerabilities at each access level. This is a way to simulate what a person with advanced technical knowledge who is not associated with an organization could do through the Internet or through remote access services. Optionally, other profiles and/or situations can be simulated, such as: suppliers through dedicated connections, different employee profiles within an organization, users of applications such as online banking, procurement portal users such as bidders, direct connections to network connections in meeting rooms, connections to WiFi networks without prior authorization, etc.

Compliance Audits

Compliance Audits determine the range between the current and the ideal situation as compared to legal policies in effect or the document and procedure structure of an organization. To this effect, a framework of reference is initially established and a gap analysis performed to identify the percentage of compliance. The most common audits compare the organization to what is established by the Spanish Law on Personal Data Protection (LOPD) or the Spanish Law of Information Society Services (LSSI). The most specialized audits determine the level of compliance with Security Policies, specific procedures, Service Level Agreements, or specific security instructions.