Security Audits

Providing Services and Technology Solutions for the security of Information Systems since 1993

Security Diagnosis
Our services seek to identify an organization’s state of security by means of two complementary approaches: an information systems risk analysis or by comparison with a standard. The first approach determines the assets, their value, vulnerability and threats, to ascertain the risk they run. The second is based on an identification and achievement of pre-established maturity levels according to references like CObIT or ISO 27000.

Application life-cycle security
GMV believes that corporate application code security, including web apps, should be analyzed with special care. These applications, after all, serve as support to increasingly sensitive processes given the nature of the information handled, and their security maturity might well turn out to be less than expected. GMV not only analyzes application security from different points of view (black-box testing, privilege escalation, source code review, etc) but also grafts on security as an ongoing process throughout the whole life cycle of any corporate application.

Technological audits
Technological audits determine an organization’s degree of technological protection against any malicious activity from inside or outside it. Our services simulate activities of this type in a controlled way by means of a series of intrusive tests covering all possible attack vectors. The aim in view is to minimize the impact of Advanced Persistent Threats (APTs) or attacks by hacktivist groups. 

Compliance Audits
Compliance audits determine the gap between the real and desired situations in terms of current legislation or an organization’s documentary and procedural structure. After the desired benchmark has been set, a gap analysis is conducted to identify shortfalls. The commonest audits analyze an organization’s performance with regard to the Spanish Data Protection Act (Ley Orgánica de Protección de Datos: LOPD), the Information Society Services Act (Ley de Servicios de la Sociedad de la Información: LSSI), the National Security Scheme (Esquema Nacional de Seguridad: ENS) or PCI (Payment Card Industry) while the most specialist determine the level of compliance with political security, certain procedures, service level agreements or given security instructions.

GMV boasts the status of Approved Scanning Vendor (ASV) under the PCI Data Security Standard (PCI-DSS)




Some of GMV’s cybersecurity clients