Security Professional Services:
External Penetration Testing
Unique applications have unique security issues. A professional security assessment of your site can locate issues that are difficult to detect automatically. The advantage of a human assessment lies in providing relevant information to your business about the real risks to your company and your consumers. A black-box human assessment is an efficient method of locating network and web application security flaws in custom applications that hackers target and that automated security tools often miss. SecTheory can also bring to bear a number of custom and commercial off-the-shelf tools to identify common security flaws and externally identifiable configuration and patch management issues.
- Web Application Security
- Application and Host Security
- Network Security
Internal Security Assessment
A great deal of the most destructive successful security penetrations originate from within the corporate perimeter or with insider information. Building a robust infrastructure is difficult and prone to faults. Without professional security expertise it is difficult to take into account the nuances of secure architecture and web design.
- Security Architecture Review
- Application and Host Security Architecture Review
- Wireless Security Testing And Review
- Optional Social Engineering Tests
Security Product Management
Building secure applications and technologies requires technical acumen and experience. Identifying markets, developing strategy and expediting development in a secure manner is critical when developing security technologies.
- Innovate and document security projects into BRDs/MRDs/PRDs
- Develop security whitepapers, data sheets, and spec sheets
- Train technical sales staff
- Build security into the SDLC/PDLC
Compliance Testing and Preparatory Assessments
Our professionals understand the issues your company faces with regard to auditing compliance. Some companies have gone so far as to say that failing audits is a greater corporate risk than hackers. The uniqueness of each company is what makes the particulars of auditing so difficult. Being cost-effective and distilling issues into digestible and attainable access controls is key. Preparatory assessments can be a cost-effective way to gain awareness of critical areas of focus before a real audit begins.
- PCI Compliance Scanning (by approved vendor)
- Sarbanes-Oxley Compliance
- Computer controls for HIPAA Compliance
- American Disability Act Compliance
Physical Security Review
When an attacker is willing to stop at nothing, or when the data is easily lost via laptops or transportation of backups, physical security can manifest itself as the largest threat. SecTheory can perform a number of tests to ensure that the security of the data cannot be thwarted by smash-and-grab or high-tech criminal adversaries alike.
- Assessment of Perimeter and Access Controls
- Testing Security Monitoring
- Alarm Testing
- Emergency Response Procedures
Anti-Phishing Strategy Consulting
Phishing is an epidemic and is very difficult to mitigate without experienced professionals aiding the fight. SecTheory has years of experience in anti-phishing technologies and strategy that it can bring to bear to help architect a corporate strategy to fight phishing problems within an organization.
- Assessment of Current Issues
- Corporate Strategy Consulting
- Vendor Assessments