Security Diagnostics
A security diagnostic is a systematic evaluation of the security of a company's information system, measuring how well it conforms to a set of established criteria.

Security audits, vulnerability assessments, and penetration testing are the three main types of security diagnostic. Each takes a different approach and suits a different purpose. A security audit measures an information system against a defined list of criteria. A vulnerability assessment is a comprehensive study of an entire information system that looks for potential security weaknesses. Penetration testing is a controlled, simulated attack (sometimes unannounced to the operations staff) in which a security expert attempts the techniques a malicious hacker would use, to determine whether the system would withstand them; the simulated attack can include anything a real attacker might try, including social engineering. Each approach has its own strengths, and combining two or more of them is usually the most effective approach of all.
Security Audit
Our security audits are based on industry-accepted standards such as PCI DSS, FISMA, GLBA, SOX, HIPAA and ISO 27001, together with the legal requirements specific to the client's industry and country. The audit approach covers all aspects of security: people, processes and technology. Our consultants hold certifications including CISSP, CISA, ISO 27001 and GCIA. More importantly, they bring an exceptionally wide array of technical expertise.
Previous work in this area includes application security assessments of CRM and ERP software for large manufacturing and financial firms, of e-commerce applications for some of the largest online stores, and of client-based encryption software, among others.
Industry Expertise
We have conducted security audits for a wide variety of industries including the following:
- Pharmaceutical
- Banking and Financial Institutions
- Information and Communications Technology (ICT)
- Hospitals & Healthcare (HIPAA)
- BPO, Call Centers, and ITeS
- Telecommunications
- Media & Marketing
- Manufacturing
- Trading
- Aviation
- Stock Exchanges & Stock Brokers
- Insurance
Vulnerability Assessments
A vulnerability assessment, also known as vulnerability analysis, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. Vulnerability analysis can also forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness once they are in place.
Vulnerability analysis consists of several steps:
- Defining and classifying network or system resources
- Assigning relative levels of importance to the resources
- Identifying potential threats to each resource
- Developing a strategy to deal with the most serious potential problems first
- Defining and implementing ways to minimize the consequences if an attack occurs.
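The five steps above can be carried out as a simple risk-ranking exercise. The following Python is an added illustration, not the page's or the consultancy's own tooling: it defines resources with a relative importance, attaches findings with a CVSS-style score, orders them so the most serious problems come first, and proposes an interim control for each. The asset names, findings, weights and control wording are all hypothetical and would be calibrated against a real organisation's threat model.

```python
"""Added example, not from the original page: a small risk-ranking routine
that runs the five vulnerability-analysis steps above over a constructed
inventory. All asset names, weights, scores and findings are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """Steps 1 and 2: a defined resource with its relative importance (1 low .. 5 critical)."""
    name: str
    criticality: int
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    """Step 3: a potential threat to one resource, with a CVSS-style base score (0-10)."""
    asset: str
    title: str
    cvss: float
    exploit_available: bool = False


def risk_score(asset: Asset, finding: Finding) -> float:
    """Severity weighted by asset importance, exposure and exploitability.

    The multipliers are assumptions chosen for illustration only.
    """
    if not 0.0 <= finding.cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {finding.cvss}")
    score = finding.cvss * asset.criticality
    if asset.internet_facing:
        score *= 1.5   # reachable by anyone on the internet
    if finding.exploit_available:
        score *= 2.0   # public exploit code removes most attacker effort
    return score


def interim_control(asset: Asset, finding: Finding) -> str:
    """Step 5: a compensating measure to limit the damage until the fix is in place."""
    if asset.internet_facing and finding.exploit_available:
        return "restrict access at the perimeter (IP allowlist/WAF rule) until patched"
    if asset.internet_facing:
        return "fix in the next maintenance window; monitor perimeter logs meanwhile"
    return "confine the host to its network segment and alert on new inbound connections"


def prioritize(assets: dict[str, Asset], findings: list[Finding]) -> list[dict]:
    """Step 4: order findings so the most serious problems are handled first.

    A finding that references an asset missing from the inventory is an error
    rather than something to skip silently: it means step 1 was incomplete.
    """
    ranked = []
    for f in findings:
        if f.asset not in assets:
            raise KeyError(f"finding '{f.title}' refers to unknown asset '{f.asset}'")
        a = assets[f.asset]
        ranked.append({
            "asset": a.name,
            "title": f.title,
            "risk": risk_score(a, f),
            "interim_control": interim_control(a, f),
        })
    return sorted(ranked, key=lambda r: r["risk"], reverse=True)


# Constructed sample inventory and findings (hypothetical).
ASSETS = {
    "web-shop": Asset("web-shop", criticality=5, internet_facing=True),
    "hr-portal": Asset("hr-portal", criticality=3, internet_facing=False),
    "dev-jenkins": Asset("dev-jenkins", criticality=2, internet_facing=False),
}
FINDINGS = [
    Finding("hr-portal", "Default admin credentials", cvss=9.8, exploit_available=True),
    Finding("web-shop", "Outdated TLS configuration", cvss=5.3),
    Finding("dev-jenkins", "Unauthenticated script console", cvss=9.8, exploit_available=True),
    Finding("web-shop", "SQL injection in product search", cvss=8.8, exploit_available=True),
]

if __name__ == "__main__":
    for row in prioritize(ASSETS, FINDINGS):
        print(f"{row['risk']:6.1f}  {row['asset']:<12} {row['title']:<32} -> {row['interim_control']}")
```

Note how the weighting changes the order: the internet-facing SQL injection comes first, and the medium-severity TLS finding on the critical shop outranks the critical finding on the low-importance build server. Whatever weights an organisation settles on, the point is to make that trade-off explicit and reviewable rather than to rank by CVSS score alone.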
If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required. The person or organization that discovers the vulnerability, or a coordinating body such as a Computer Emergency Response Team (CERT), may make the disclosure. Under coordinated disclosure the vendor is normally given a defined period to fix the problem before it is disclosed publicly; that period may be shortened when the vulnerability is severe or already being exploited.
The third step of vulnerability analysis (identifying potential threats) is sometimes performed by a white-hat tester using ethical hacking techniques: security experts deliberately probe a network or system to discover its weaknesses. The results guide the development of countermeasures to prevent a genuine attack.
Penetration Testing
An internal penetration test identifies the vulnerabilities an attacker could exploit, and how far they could get, once they have gained access to the internal corporate network.
Internal assessments examine the potential for attack if a Trojan program is brought into the network or a malicious actor (employee or otherwise) gains access to the LAN/WAN. This service uses the same testing techniques as the external assessment but applies them to internal systems, from a test point on the local LAN with no router, firewall, or IDS/IDP filtering in between.
An external penetration test is a thorough examination of internet-facing systems from a hacker's perspective. It delivers a view of your internet-visible network perimeter as a remote external attacker sees it, using manual testing, investigation and analysis together with open-source security scanning tools, and manual exploitation of relevant vulnerabilities by experienced consultants.
Do you have a question or concern?
We are happy to hear from you at any time; please feel free to send us a message.