IT Security – Caberseg

IT Security

Set of services, solutions, guidelines and tools whose objective is to increase the degree of security of organizations.

It aims to review the security in all layers of the technological infrastructure of an Organization, providing improvement solutions adapted to the characteristics of the organization, in these fields include:

  • Safety Assessment

    To review the security in all the layers of the technological infrastructure of an Organization, providing solutions of improvement adapted to the characteristics of the organization. Of note are the Internal and External Ethics Hacking services, Intrusion Testing, Application Security, Code Revision, Vulnerability Analysis (Wireless inc, VoIP, Critical Infrastructures) and IT Compliance Technical Review.

  • Qualified reports

    Carry out expert reports through the evidence obtained, maintaining the chain of custody at all times, as support for the resolution of conflicts and its subsequent ratification before the competent Court or Court of Arbitration.

  • Solutions Design

    Provide solutions that are effective and adjusted to the real needs of each client. Of particular note are the Secure Network Design services, SIM / SEM Tools, System Baseline, Network Access Control, Honeypot Deployment, Safety Implementation in the Development Lifecycle, and Network and Security Component Tuning.

  • Security Processes operation

    Provide companies with highly qualified personnel to carry out security-related work and provide remote-process security services. Services such as Early Warning, Digital Surveillance, Malware Management, Threat Management and Vulnerability, and Incident Management and Response are offered.

  • Identity and Role Management

    Analyze, define and optimize the processes of authentication, authorization and administration of authorizations, as well as the selection and integration of solutions of provisioning of users.

Ethical hacking is a way of referring to the act of a person using their computer and security knowledge to test networks and find vulnerabilities, then report them and take action, without doing any harm.

The idea is to have the knowledge of which elements within a network are vulnerable and correct it before a security incident occurs.

Hire our services and check if your business is at risk due to low protection or downtime of your computer systems.

Intrusion test aims to assess the security of systems against a possible external attack, simulating what a hacker could try to penetrate information systems and what vulnerabilities could try to exploit.

Generally, two methods are used:

  • The black box method, which consists in trying to penetrate the network without having knowledge of the system to generate a realistic situation.
  • The method of the white box that consists of trying to penetrate the system knowing it completely to test to the maximum the safety limits of the network.

Evaluate any type of process or computer environment, based on recognized reference frameworks (eg COBIT, ISO, etc.) to identify and assess existing risks and propose improvement actions within the scope considered.

Within this section, we can distinguish the following services:

COMPUTER AUDIT OF BUSINESS PROCESSES

Evaluate the risk to which the business processes are exposed with respect to their information systems and in their aspects of integrity, confidentiality, availability of information.

DATA ANALYSIS

Review business and IT processes in quantitative terms of integrity and quality of information and with the help of mass data processing tools.

AUDIT OF PRIVILEGES AND SEGREGATION OF FUNCTIONS

Review the access control environment, privileges and segregation of functions of a Company.

AUDIT AND TESTS OF BUSINESS CONTINUITY PLANS
AND CONTINGENCY PLANS

Review the adequate maintenance and testing of the Business Continuity and Disaster Recovery Plans in accordance with the ISO 25999 continuity management framework.

COMPUTER AUDIT

Evaluate the state of a computer environment according to a reference model, either COBIT (Information Systems), ISO / IEC 27002 (Computer Security) or ITIL (IT Service Management).

AUDIT OF OUTSOURCING SERVICES

Evaluate and review offered by third parties services.

APT means Advanced Persistent Threat.

What is an APT?

Traditionally, we tended to associate cyberattacks with the aim of infecting as many teams as possible, either to increase the chances of gaining some kind of benefit or simply to notoriety. By contrast, APTs are not random attacks, they have specific goals to compromise, with the intention of remaining in those systems and stealing valuable information continuously through the use of malware specially designed for this purpose.

It is therefore a more focused attack and difficult to detect, in addition several attack vectors are used, such as the use of social engineering, beyond simply detecting technical vulnerabilities. It is this, which makes this type of evidence, in addition to reviewing the strength of systems, seeks to raise awareness of the organization’s staff.

Forensic computing, also called computer forensics, computer forensics, digital forensics or digital forensic examination is the application of specialized scientific and analytical techniques to technological infrastructure that allow identifying, preserving, analyzing and presenting data that are valid within a legal process.

This discipline makes use not only of state-of-the-art technologies in order to maintain data integrity and data processing; but also requires a specialization and advanced knowledge in computer science and systems to be able to detect within any electronic device what has happened. The knowledge of the forensic computer includes knowledge not only of software but also of hardware, networks, security, hacking, cracking or information retrieval.