Benefits of Professional services
- Training improves awareness and preparedness in the organization.
- Custom-made information on what you need to do to improve routines and policies.
- Extensive Digital Forensic Services when any intrusion or data leakage is confirmed.
- Code validation and Security Audits to pass various EU and US standards.
SIT Professional Services help prepare your systems and your organization to effectively combat information security threats.
What is SIT Professional Services?
SIT Professional Services overview.
We provide a range of services: Code Validation for internal development, Security Audits based on various EU and US standards, Red Flag Exercises to test the preparedness of an organization, Awareness Training for the staff, and Social Engineering tests to check awareness and test routines and policies.
We also provide Digital Forensic Services if needed to trace and document any instances of intrusions or Information Security fraud.
Why SIT Professional Services?
Sometimes there are other needs when it comes to Information Security that cannot be covered by simply using SIT Appliance or SIT Xternal. This includes different tests, training, simulations and exercises to check and improve awareness and preparedness in the organization.
The additional services we can provide are there for any of those special instances where you need to provide extra information or documentation to a prospective customer or when you need to improve your internal routines and policies. We also provide Digital Forensic Services for those cases when intrusions have occurred or data leakage has been confirmed.
We can also assist in providing documentation to show compliance with different international standards, regulations and best practice recommendations.
SIT Professional Services solutions.
SIT Professional Services provides all the different types of tests, training, simulations and exercises that allow an organization not only to improve its technical security level but also to mitigate as many of the issues regarding the Human Element as possible.
SIT Professional Services also provides any extra technical tests and solutions not covered by SIT Appliance or SIT Xternal, like Security Hardening, physical testing of wired and wireless networks and more.
Some Common Scenarios
- An organization needs Awareness training to better understand how cybercriminals operate in order to gain trust or access to information or systems.
- Someone in an organization gets their laptop infected with malicious code and unwittingly brings it to the internal network inside the Perimeter Defense and it needs to be tracked and removed.
- An organization gets directly targeted by a Phishing attack and needs to increase their preparedness in order to defeat this.
Some of our professional services
In-depth Vulnerability Assessments
We perform vulnerability analyses of wired and wireless networks, external checks against and through firewalls, and analyses of applications and server environments. We then present a report on the security status together with improvement measures.
Load analysis and network monitoring
We test the performance and availability of wired and/or wireless systems using various network monitoring tools. The results are analyzed to identify unnecessary traffic and possible conflicts, and to prevent unauthorized communication.
Security testing of mobile devices
Detection of vulnerabilities on iPhone, Android and BlackBerry smartphones by using the same attack techniques used by criminals today. Those techniques include phishing, web form phishing, false wireless access points, and wireless MITM attacks.
We test security with solutions tailored to the different types of applications you have within your business. This includes writing scripts to test applications that you have developed yourself and that are therefore not generally available.
Review of program code for proprietary systems from a security perspective. In addition, a validation / quality check is made to ensure that the code follows best practice for writing code in the safest possible way.
Awareness testing of phishing and other social engineering attacks. Testing includes quick identification of targets for social engineering tests, phishing and spear-phishing attacks carried out in a controlled way, and an assessment of the consequences of successful social engineering attacks.
EU's data protection reform (GDPR)
We assist with both the technical and the practical impact assessment, and with informing about it and developing supporting documentation for it, in accordance with the recommendations of the EU data protection reform regarding reporting to the Data Inspectorate.
Digital Forensic Services
We provide Digital Forensic Services for those cases when intrusions have occurred or data leakage has been confirmed. We will trace and document any instances of intrusions or Information Security fraud.
Red Flag Exercises
We provide a rapid assessment that identifies the primary areas of risk and exposure for an organization. The Red Flag Security Exercise equips your organization with clear direction and strategies on how to improve its overall information security.
Learn more about Information Security
IT and Security Audits expect good control
Do you know how your rules are handled in practice? Uncertainty often leads to wrong investments based on subjective judgments. In our audits we start from your rules and guidelines, but we also check their relevance against standards and frameworks such as ISO 27000, ITIL and Cobit. Some examples of audits that we usually do are:
- General IT controls, where we verify that basic control exists.
- Application audits, where we verify that critical applications provide good internal control.
- Subject-specific audits, where we consider individual areas or events such as projects, interruption and disruption management, contract disputes, performance issues, management of outsourced operations and validation of systems to be put into operation.
The real benefit of IT and Security audits is that you get a basis for decisions on implementing improvements, and you are better prepared to manage unwanted incidents.
Why is IT security an ever-current issue?
Society has never been so exposed to threats to IT systems as it is now. “Information warfare” is no longer science fiction; it has resulted in targeted attacks on, among other things, control systems and important social functions. We have seen how computer viruses have escalated in scope and become so sophisticated that they change form and content to circumvent the protections used. Malfunctions and misconfigurations in servers, systems and network components have been shown to open up networks to intrusion at a large number of well-known companies, where company secrets, personal data and credit card numbers have been lost. The biggest difference from the past lies in the fact that the threats have become much more planned and personal, with a single purpose: MAKE MONEY. Basically, IT security is about creating well-designed IT systems that can withstand intrusion attempts and limit the effect of incorrect configuration.
It is also about creating and maintaining an IT security architecture that can safely manage mobile devices, provide support for active use of social media and manage changes in operations, such as reorganizations and mergers, without compromising security. When it comes to “Cloud Computing”, IT security concerns are one of the strongest factors holding organizations back from taking the step fully, which is evident in a wide range of studies. This also applies to outsourcing and collaboration with business partners, where system outages have devastating consequences. For business systems, this means taking the step from security requirements that exist on paper to requirements that are implemented in IT systems and in business processes. It is about introducing “Identity Management” solutions to prevent outside intrusion and to ensure that information and privileges are not abused internally. It is equally important that data is not corrupted, lost or misused, where redundant systems and secure storage are a matter of course. In this context, it is necessary to work with measurable security that complements existing SLAs in order to have good control over the security of the IT environment.
New platforms place new demands on IT security
According to a recent survey conducted by the SANS Institute of more than 100 large companies and 1000 smaller companies in the US and Europe, on how they reason about Information and IT security, the following interesting facts emerge:
- About 75 percent of the companies surveyed are more or much more concerned about IT security problems and different types of intrusion now than they were a year ago.
- Over 70 percent of those surveyed are actively discussing how to protect and control access to data in the cloud or in virtual environments, via encryption or various authentication solutions.
- Mobile device authentication, certificate-based authentication, software authentication, and browser-safe solutions top the list of interest in new authentication solutions. More than 45 percent of those surveyed indicate that they are interested in these new authentication solutions.
- Just over 67 percent of those surveyed have come a long way in their planning to implement new solutions for authentication and data protection in the cloud, in virtual environments or on mobile platforms. This development is largely driven by increased use of these new platforms.
- More than half of all respondents say they are looking for, or will be looking for, new solutions to protect and authenticate data in the cloud, in a virtual environment or on mobile platforms, in order to implement them within 9-12 months.
- In addition, 95 percent of all respondents believe that, although encryption of data or authentication of access to data is important for the future, these solutions must be supplemented by periodic security and vulnerability analyses of all internal IT systems to verify that all systems keep the right level.
Parallels are drawn to companies that back up their data but never check that the backups can be read back, and only discover this in a real emergency, when important data cannot be recovered.
It is important that you do not blindly trust that your security solutions are functioning properly without actually verifying it. If an intrusion occurs, it is also important to be able to identify which path the attacker used, in order to fix the vulnerability and potentially be able to track the attacker. The fact that more and more companies are adopting new technologies and new platforms entails completely new requirements for applications and solutions for managing data security, and it also means that new methods and tools for checking the security of these applications and solutions must be implemented.
Your documents may contain hidden information
There is more information than you might think in many of the files that a company’s employees attach to their email. They contain not only the text you see directly, but also hidden data called metadata, which is simply data describing data. Metadata in documents can contain sensitive information that could potentially cause great harm to the company if it gets into the wrong hands. On average, about 10% of all business-related emails contain such potentially harmful information, according to recent statistics. This metadata can include information such as the document’s author, the date when it was created, previous versions, pasted text, deleted text, tracked changes, and comments. You can also see who sent and received the document via email. Virtually all file types contain metadata. Because they are so widely used in companies, Microsoft Word, Excel and PowerPoint files, PDF files and images are the most likely to contain potentially harmful metadata. The consequences of unknowingly releasing hidden data can range from mildly embarrassing to astronomically costly. In the latter category we find the drug giant Merck, where metadata found in a document proved that they had deliberately erased information about cardiovascular risks of using the drug Vioxx before submitting information to the New England Journal of Medicine. This resulted in Merck having to pay $950 million in damages and plead guilty to the criminal charge, according to The New York Times.
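As an added example (not part of the original page and not SIT's own tooling), the following Python code lists the kinds of hidden data named above in a Word .docx file before it is sent: author properties, reviewer comments and text deleted with change tracking on. The sample document, the names in it and the helper names are constructed for illustration; only the standard library is used.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W, "dc": "http://purl.org/dc/elements/1.1/",
      "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"}
FIELDS = {"author": "dc:creator", "last_modified_by": "cp:lastModifiedBy"}
PARTS = ("docProps/core.xml", "word/comments.xml", "word/document.xml")

def _part(zf, name):  # parsed XML part, or None when the package lacks it
    return ET.fromstring(zf.read(name)) if name in zf.namelist() else None

def _text(node, tag):  # concatenated text of every w:<tag> element below node
    return "".join(t.text or "" for t in node.iter(f"{{{W}}}{tag}"))

def audit_docx(data: bytes) -> dict:
    """Report hidden data in a .docx: properties, comments, tracked deletions."""
    report = {"properties": {}, "comments": [], "deleted_text": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        core, comments, body = (_part(zf, name) for name in PARTS)
    if core is not None:
        found = {k: core.findtext(p, namespaces=NS) for k, p in FIELDS.items()}
        report["properties"] = {k: v for k, v in found.items() if v}
    if comments is not None:
        for c in comments.iterfind("w:comment", NS):
            report["comments"].append((c.get(f"{{{W}}}author"), _text(c, "t")))
    if body is not None:  # text deleted with change tracking on is still stored
        for d in body.iter(f"{{{W}}}del"):
            report["deleted_text"].append((d.get(f"{{{W}}}author"), _text(d, "delText")))
    return report

def build_sample() -> bytes:
    """Constructed sample: a minimal package holding only the inspected parts."""
    parts = {
        PARTS[0]: f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            '<dc:creator>A. Author</dc:creator>'
            '<cp:lastModifiedBy>B. Editor</cp:lastModifiedBy></cp:coreProperties>',
        PARTS[1]: f'<w:comments xmlns:w="{W}"><w:comment w:author="C. Reviewer"><w:p>'
            '<w:r><w:t>Do not send this version</w:t></w:r></w:p></w:comment></w:comments>',
        PARTS[2]: f'<w:document xmlns:w="{W}"><w:body><w:p><w:del w:author="B. Editor">'
            '<w:r><w:delText>draft price 100</w:delText></w:r></w:del></w:p></w:body></w:document>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()
```

Calling `audit_docx(build_sample())` returns the author names, the reviewer comment and the deleted text even though none of them would be visible in the final, accepted version of the document.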