Cyber Security

Security Audit

Our audits analyze compliance with standards, regulations and/or laws in the following areas:

  • 1. Information Security Audit: Based on ISO 27001 and ISO 27002 standards.
  • 2. Risk Analysis: Based on ISO 27005 and ISO 31000 standards.
  • 3. Diagnosis of Personal Data Protection.
  • 4. Analysis according to PCI-DSS: Compliance with the 12 requirements of the PCI Council.

The result is a set of audit reports that identify the risks, their severity levels and the corresponding recommendations for adapting the environment in terms of information security.

Security Policies

Acquire a set of policies tailored to guide your collaborators, clients and suppliers in matters of information security, meeting legal and regulatory needs.

  • 1. Standards: ISO 27001 (Information Security Management System) and ISO 27002 (Controls).

  • 2. Risks: Standards aligned with ISO 27005 and ISO 31000.

  • 3. Resolutions.

  • 4. Privacy: Beyond ISO 27701.

  • 5. Compliance: According to the PCI Council.

  • 6. Other needs arising from the sector, laws, standards and regulations that apply to your company, beyond those required by your business.

The result is a set of security regulations composed of guidelines, standards and terms of acceptance.

Technical Vulnerability Analysis

Identify technical weaknesses in your systems (also known as intrusion tests or penetration testing) so that you can harden your environment against security flaws.

The technical vulnerability analysis process follows these premises:

  • 1. Meet legal and/or regulatory requirements.

  • 2. Validate operating systems, applications, services and various devices (such as network equipment, industrial devices and IoT, among others).

  • 3. Adopt methodologies such as OSSTMM, OWASP and NIST 800-115.

Risk levels are measured according to CVSS.

The results are technical vulnerability reports with an executive summary, proof of the technical weaknesses, security recommendations and severity levels.

Security Awareness

Help your collaborators understand the risks and threats in their daily environment so that they become disseminators of good practices in information security.

We develop an awareness program composed of:

  • 1. Conferences: Content for the general public lasting from an hour and a half to two hours.

  • 2. Workshops: Content for a specific audience lasting from four to eight hours.

  • 3. Production of materials: Cards, flyers, banners, videos and other promotional content.

  • 4. Evaluation: Through test applications such as CloudPhising and/or questionnaires applied after an awareness campaign.

As a result, your collaborators (employees, suppliers and/or clients) will understand the needs of information security, as shown through objective measures.

Information Security Consulting

  • 1. Technical support: In matters involving cryptography, access controls, firewalls, access control systems (such as Active Directory) and system hardening.

  • 2. Architecture support: We recommend the best options in network and system architecture, based on on-premises technologies and/or cloud environments.

  • 3. Process support: Together with your business, we define processes that help increase security and examine how well your business is protected.

Copyright © 2022 utahsoftware.us