Our Security Audit & Penetration Testing Services
Our independent audit of your information security highlights the organisational, technical and personnel shortcomings in your company and proposes meaningful measures for improvements. With our detailed plan of action, you receive the foundation for the long-term strengthening of your information security. You also receive recommendations for technical and organisational measures as well as suggestions for building awareness among employees and how to train them.
Our Cyber Security Audit and Compliance Assessment cover the following areas:
- Security Audit based on ISO 27001/27002
- GAP analysis in terms of ISO 27001 certification
- Security Audit based on NIST Cybersecurity Framework
- Security Audit, penetration test and vulnerability scan based on PCI DSS
- GAP analysis in terms of PCI DSS certification
- Review of the system and architecture
- Penetration test based on OSSTMM
- Vulnerability Scans
- Social engineering audit
The GDPR recommends reviewing data sensitive applications and critical infrastructures for security risks regularly and testing the effectiveness of the implemented security mechanisms. Our GDPR Web Audit detects precisely such security gaps and helps you comply with the GDPR recommendation.
Our external GDPR Web Audit ...
- Assesses privacy-relevant information in accordance with the GDPR
- Detects configuration and operating errors
- Identifies external weak points and thus deviations from the GDPR recommendation
- Identifies the use of tracking software
- Analyses authentication methods and the implementation of encryption
- Verifies the purpose and geolocation of the web application
- Identifies external resources incorporated into the web application thereby ensuring active protection at all times
- Sustainably increases security at a technical and organisational level
- GDPR-relevant IT security features checked point-by-point by an independent
Cloud services have become an integral part of today’s everyday business life. Out of necessity however, employees often use services that have not even been approved by the company. If sensitive data reaches the cloud during this process, this can have serious consequences. With our Cloud Access Audit, we identify the services being used by your employees and analyse the risk associated with them.
Your benefits of the Cloud Access Audit
- Visibility of the cloud services used and the risks associated with them (risk score)
- Possibility of consolidating and monitoring the cloud services used
- Practical recommendations to improve cloud security
Our penetration tests provide a reliable assessment of the security status while considering all the factors that could influence security: applications, systems, networks and users. To analyse these decisive factors in detail, we offer a selection of tests. The result is an individual penetration test that takes full account of the specific threats posed. Whether your infrastructure is protected against external or internal attacks will come to light in a penetration test conducted by our security experts.
Our Ethical Hacking and Penetration Test offer covers:
- Penetration Tests (internal and external)
- Malware Protection Test
- Anonymous web application test (e-banking, portal, e-shop etc.)
- Privileged web application test (e-banking, portal, e-shop etc.)
- Mobile application test
- Remote access test (suppliers & employees - VPN access)
- Notebook Client Test (mobile users with and without admin rights)
- WLAN infrastructure test
- Social Engineering
- Cyber Attack Simulation / Red Teaming
In conducting a social engineering audit, we examine the security behaviour of your employees. Through personal contact with your employees, our social engineers attempt to steal confidential information by exploiting the employees' trust, good faith and helpfulness, or the excessive demands placed on them and their uncertainty. Depending on the test objective and target group, we use different methods and types of social engineering attack, ranging from direct contact, either by telephone or in person, to electronic channels, such as email, chat or social network platforms, up to postal contact with the target. Where required, we also add the selective handing over of manipulated USB storage media, the systematic data analysis over the Internet, or the evaluation of log files and system information to our attack repertoire.
In principle, we look at how your employees respond to the following aspects:
- Compliance with security-relevant business processes
- Handling sensitive company information
- Compliance with user guidelines
- Compliance with IT security guidelines
- Compliance with access regulations
With our vulnerability management, you have an efficient way to identify, analyse and evaluate possible IT weak points. A vulnerability scan supplies essential knowledge for evaluating the current risk situation and the effectiveness of measures that have already been taken. The VulnWatcher runs periodic automated checks on your IT systems (switch, firewall, server, clients, etc.) to detect and solve weak points and missing patches. A ticketing system tracks any detected weaknesses, including a risk assessment and information for remedying them. Proactive checks of your ICT infrastructure reveal changes in the systems and detect not only weak points from manufacturers but also incorrectly configured systems. If the system detects weaknesses at a level of potential risk you have defined, it automatically sends an e-mail alarm and/or text alarm to the system managers.
- Proactively verify, evaluate and remedy weak points
- Optimise IT processes through automated scans involving integrated risk assessment and alarms plus a user-friendly ticketing system
- Efficiently monitor compliance with requirements
More than half of all breaches involve web applications - yet less than 10% of organizations ensure all critical applications are reviewed for security before and during production. Clearly, organizations need a way to replace fragmented, manual penetration testing with ongoing, automated scanning so they can protect their global application infrastructures.
Our scalable cloud-based platform secures all your applications across the Software Development Lifecycle (SDLC) - from code development to pre-production testing and production.
Industrial control systems (ICS) and critical infrastructures are frequently referred to together as SCADA and are found in the energy sector, in production systems, in critical infrastructures and in industrial networks and industry 4.0. Their impaired function or failure can have serious consequences. Our security audit will prevent production downtime due to external attackers. The systematic ICS & SCADA audit is a thorough, technical and conceptual security audit of the ICS and SCADA systems and the related components.
- Proactive verification and assessment in ICS and SCADA systems
- Increasing security by following a systematic procedure
- Targeted technical system audit in the form of penetration tests and vulnerability scans
- Risk-based recommendations on measures by security experts with a proven track record
- Efficient review of compliance requirements
Ready for SWIFT Compliance v2020? This year, SWIFT is once again issuing more stringent regulations for financial service providers. New SWIFT controls have been added, and several have been upgraded from advisory to mandatory. A real problem for many companies is the one-year period in which the changes must be made. Where does that leave you?
InfoGuard is a SWIFT assessor and confirmed Cyber Security Provider. Our SWIFT assessment gives you a comprehensive overview of your current status and recommendations for measures that meet Compliance v2020. The SWIFT assessment includes the following:
Kickoff & Planning
- Interpretation of the applicable processes, instructions, systems etc.
- Identification of critical systems
- Definition of the organisation, roles and framework conditions of the project
- Definition of the testing range (scope)
- Creation of interview plan
Establishing the actual situation
- Triage and review of existing documents
- Interviews with relevant employees
Assessment & Reporting
- Identification of divergences from the CSCF and the assessment of these in terms of criticality
- Clarification of open questions
- Coordination of results
- Finalisation and delivery of reports
Many Swiss companies are scared of a cyber-attack. An important first step is to run checks on their own cyber security. Our Gap Analysis is carried out based on the internationally recognised NIST Cyber Security Framework (CSF), providing you with the transparency you need.
How you benefit from our NIST CSF gap analysis:
- You are given an overview of your current cyber security situation.
- You are made aware of the major risks, which have been assessed by independent experts.
- You understand your strengths/weaknesses profile with respect to the NIST CSF.
- You receive concrete recommendations for the measures that need to be taken - prioritised on the basis of the risk assessment - and you can start optimising your cyber security straight away.