


Information Systems Security and Audit Solution

Your network is open to attacks by outsiders through the Internet or by dialing in. The system is also vulnerable to insiders gaining unauthorized access. Are your system controls adequate to protect you from these threats? Are your own system controls audited by recognized certifying authorities? Are you aware that compliance with ISO27001 standards meets most regulatory requirements such as SOX, HIPAA, etc.?

AGIT has vast expertise in assessing, implementing and helping your company become ISO27001 certified. Any company operating successfully will have a good and sound infrastructure that gives it the edge over others. We recognize this fundamental and respect the company's systems in place. Our task will be to enhance your Information Security Management Systems to meet the ISO27001 certification and, if required, go beyond it as specified.

Security is a matter of whom you can trust. Effective security is a continuous process, not a product. Organizations today are greatly dependent on their information assets to serve their customers, interact with partners and suppliers, facilitate collaboration among employees in remote and branch offices and enhance productivity.

Some of the challenges organizations are facing today:

  • Evolving paradigms of conducting business leading to increased complexity of business logic design and implementation, and richness of transactions
  • Prevalence of threats and breach of confidentiality and integrity of mission essential information
  • Integration challenges call for massive dependence on networks for smooth functioning
  • The need to stay ahead of competitors to offer the most attractive suite of services
  • Security regulations to safeguard the privacy rights of users and afford protection to sensitive and critical information 

Conventional security mechanisms alone cannot safeguard your critical information assets. A holistic, defense-in-depth approach to security is the need of the hour. Reviewing your existing security posture, the preparedness of system or network implementations, and organizational readiness is critical to the survival of a business and its mission.

Independent and expert advice throughout an infrastructure deployment or application development project can prove invaluable and can provide a real return on investment during the verification and certification stages of the project lifecycle. Digital Assurance's consultants can offer skilled and expert advice on how to properly implement system, network, architectural and application security to ensure that the project properly accounts for information security from day one.

Architecture, Design, and Implementation Solutions

The right security infrastructure is required for IS information security. A well-crafted Security Program is essential to build a secured network environment. A good security program calls for several elements of security including security standards, a security policy, and a security audit. We are partnering with several top principals in providing our IS security solutions. 

IS Security Audit

Organizations today are greatly dependent on their information resources to serve their customers, interact with partners and suppliers, collaborate with employees in remote and branch offices and enhance productivity. These factors are so important that the presence of security defense mechanisms alone cannot protect information security. Reviewing your existing security posture, the preparedness of system or network implementations, and organizational readiness is mandatory to the survival of a business and its mission. The processes involved are:

  1. Assessment with top Management
  2. Initial Study
  3. Scope and Boundaries
  4. Security Policy Finalization
  5. Risk Assessment, Gap Analysis, Vulnerability Assessment and Penetration Testing
  6. Risk Treatment Plan
  7. Statement of Applicability
  8. Policies, Procedures and ISMS Manuals
  9. ISMS Training
  10. Implementation & Verification
  11. Compliance Audit
  12. Internal Audit Training
  13. Pre-assessment Audit by certifying authority
  14. Compliant Certificate by ISO27001 Certifying Authority

Intrusion Detection System Assessment

IDS Assessment is a means of evaluating the performance and effectiveness of in-house or outsourced intrusion detection systems by means of simulated network or system attacks. This type of testing often helps provide assurance that detection measures are effective and that incident handling and escalation communication paths are robust and functional.

Facility Security Assessments

Our facility security assessments are designed to identify security weaknesses and exposures in physical sites and associated controls. Typically such reviews include an assessment of access control measures, security monitoring & CCTV and site procedures.

Social Engineering Assessments

Our social engineering services are designed to identify operational and procedural shortcomings that allow people, generally staff, to introduce vulnerabilities and exposures into information systems by way of their behaviour. The objective is not to penalise individuals but rather to identify the environmental causes of poor security which are frequently issues of awareness. 

Wireless Security Assessment

A wireless security assessment seeks to identify security issues and exposures in wireless network infrastructures. These assessments are not limited to 802.11x networks but can also cater for RF modem infrastructures, infrared and RF point-to-point links. Such assessments typically involve examining authentication, access control and confidentiality controls as well as communication availability issues.

Firewall Implementation and Assessment

A firewall review examines the deployment of a firewall, looking at both configuration and rule-set in an attempt to identify any security issues and, where possible, improve upon both performance and security by rationalising rules based on business traffic requirements.

Vulnerability Analysis

Vulnerability Analysis is designed to identify potential vulnerabilities in computer systems; such vulnerabilities are typically related to software flaws or configuration issues. Vulnerability Analysis generally seeks to identify known issues in systems rather than to find new or unique problems and will not involve the exploitation of any problems identified. Vulnerability analysis can be performed against Internet-facing systems or internal systems.

Penetration Testing

Designed to provide higher levels of assurance, penetration testing is performed from particular perspectives. It will frequently consist of scenarios such as a penetration test performed from a DMZ network to simulate an attacker who has gained access to a DMZ system, or perhaps a simulated attack by a contractor with access to the corporate internal network. Typically an engagement may include testing a number of scenarios. Penetration testing is designed to identify a wide range of security issues caused by software vulnerabilities, configuration issues, process/operational issues, human error and other technical and non-technical factors.