Security Audit & Penetration Testing

Our independent audit of your information security highlights the organisational, technical and personnel shortcomings in your company and proposes meaningful measures for improvements. With our detailed plan of action, you receive the foundation for the long-term strengthening of your information security. You also receive recommendations for technical and organisational measures as well as suggestions for building awareness among employees and how to train them.

Our Cyber Security Audit and Compliance Assessment embrace the following areas:

• Security Audit based on ISO 27001/27002
• GAP analysis in terms of ISO 27001 certification
• Security Audit based on NIST Cybersecurity Framework
• Security Audit, penetration test and vulnerability scan based on PCI DSS
• GAP analysis in terms of PCI DSS certification
• Review of the system and architecture
• Penetration test based on OSSTMM
• Vulnerability Scans
• Social engineering audit

InfoGuard ISO 27001 Security Audit Service

The GDPR recommends reviewing data sensitive applications and critical infrastructures for security risks regularly and testing the effectiveness of the implemented security mechanisms. Our GDPR Web Audit detects precisely such security gaps and helps you comply with the GDPR recommendation.

Our external GDPR Web Audit ...

• Assesses privacy-relevant information in accordance with the GDPR
• Detects configuration and operating errors
• Identifies external weak points and thus deviations from the GDPR recommendation
• Identifies the use of tracking software
• Analyses authentication methods and the implementation of encryption
• Verifies the purpose and geolocation of the web application
• Identifies external resources incorporated into the web application thereby ensuring active protection at all times
• Sustainably increases security at a technical and organisational level
• GDPR-relevant IT security features checked point-by-point by an independent cyber security expert

Learn more right here

Cloud services have become an integral part of today’s everyday business life. Out of necessity however, employees often use services that have not even been approved by the company. If sensitive data reaches the cloud during this process, this can have serious consequences. With our Cloud Access Audit, we identify the services being used by your employees and analyse the risk associated with them.

Your benefits of the Cloud Access Audit

• Visibility of the cloud services used and the risks associated with them (risk score)
• Possibility of consolidating and monitoring the cloud services used
• Practical recommendations to improve cloud security

Our penetration tests provide a reliable assessment about the security status while considering all the factors, which could influence security: applications, systems, networks and users. In order to analyse these decisive factors in detail we offer a selection of tests. The result is an individual penetration test, which takes full account of the specific threats posed. Whether your infrastructure is protected against external or internal attacks will come to light in a penetration test conducted by our security experts.

Our Ethical Hacking and Penetration Test offer covers:

• Architecture Review
• Information Gathering
• Check of applications and IT systems
• Check of Clients, e.g. PC, Notebook, Tablet and mobile phone
• Wireless and wired network check
• E-Mail- and Internet-Malware test
• Internal and external Penetration Tests
• Breach Detection & APT Hunting
• Cyber Threat Assessment
• Cyber Attack Simulation

Interested? Get in contact with us!

In conducting a social engineering audit we examine the security behaviour of your employees. Our social engineers attempt by personal contact to your employees steal confidential information by exploiting the trust, good faith and helpfulness or excessive demand and uncertainty of the employees. Depending on the test objective and target group, we use different methods and types of social engineering attack, ranging from direct contact, either by telephone or in person, to electronic channels, such as email, chat or social network platforms, up to postal contact with the target. Where required, we also add the selective handing over of manipulated USB storage media, the systematic data analysis over the Internet, or the evaluation of log files and system information to our attack repertoire.

In principle, we look at how your employees respond to the following aspects:

• Compliance with security-relevant business processes
• Handling sensitive company information
• Compliance with user guidelines
• Compliance with IT security guidelines
• Compliance with access regulations

InfoGuard Social Engineering Audit

With our vulnerability management, you have an efficient opportunity to identify, analyse and evaluate possible IT weak points. A vulnerability scan supplies essential knowledge for the evaluation of the current risk situation and the effectiveness of measures, which have already been taken. The VulnWatcher runs periodic automated checks on your IT systems (switch, firewall, server, clients, etc.) to detect and solve weak points and missing patches. A ticketing system monitors any detected weaknesses, including risk assessment, along with information for remedying them. Proactive checks of your ICT infrastructure reveal changes in the systems and detect not only weak points from manufacturers but also incorrectly configured systems. If the system detects weaknesses having a level of potential risk you defined, the system sends an e-mail alarm and/or text alarm automatically to the system managers.

Your benefits:

• Proactively verify, evaluate and remedy weak points
• Optimise IT processes through automated scans involving integrated risk assessment and alarms plus a user-friendly ticketing system
• Efficiently monitor compliance with requirements

More ›

More than half of all breaches involve web applications - yet less than 10% of organizations ensure all critical applications are reviewed for security before and during production. Clearly, organizations need a way to replace fragmented, manual penetration testing with ongoing, automated scanning so they can protect their global application infrastructures.

Our scalable cloud-based platform secures all your applications across the Software Development Lifecycle (SDLC) - from code development to pre-production testing and production.

Industrial control systems (ICS) and critical infrastructures are frequently referred to together as SCADA and are found in the energy sector, in production systems, in critical infrastructures and in industrial networks and industry 4.0. Their impaired function or failure can have serious consequences. Our security audit will prevent production downtime due to external attackers. The systematic ICS & SCADA audit is a thorough, technical and conceptual security audit of the ICS and SCADA systems and the related components.

Your benefits:

• Proactive verification and assessment in ICS and SCADA systems
• Increasing security by following a systematic procedur
• Targeted technical system audit in the form of penetration tests and vulnerability scans
• Risk-based recommendations on measures by security experts with a proven track record
• Efficient review of compliance requirements