DBAccess has a proven model for security services that keeps our customers' applications and operational environments running safely and reduces the likelihood of exploitable vulnerabilities in them.
Our security-services methodology draws on our experience with the following standards:
- ISO/IEC 27001 and 27002
- ISO/IEC 15408 (Common Criteria)
- NIST recommendations
- FIPS publications
- CIS Benchmarks and recommendations
Our security services are organized around the following tracks.
The risk analysis track identifies the risks the customer faces, based on an understanding of the operational context and the threat landscape, and can be engaged at any time. It relies on the following practices:
- Red-team meetings with technical and management teams.
- Risk profile analysis, including the top priorities provided by the customer.
- Each risk statement is established by considering its likelihood and its impact on the business.
- Risk priority takes into account:
  - Likelihood of the threat
  - Likelihood of the attack succeeding
  - Scale of the impact
- Output: a severity/priority per risk and an ordered list of risks (worst to least).
In the gap analysis track we review the current security posture against the identified risks and against international industry requirements and recommendations, performing the following:
- Evaluate the architecture from a security point of view.
- Evaluate the mapping between security controls and risks.
- Review the access control scheme.
- Review hardening and patching/update policies.
- Review user management policies.
- Review change control policies.
- Compile security architecture and control information.
- Compile policy and operations information.
- Deploy lightweight software agents for visibility into the platform.
- Check for vulnerabilities, weak points and anomalies in operations.
- Compare the findings against best practices.
Based on the results of the gap analysis, and after discussing them with the customer, we recommend remediation actions and implement improvements such as:
- Improve controls for high-impact risks (reconfigure, activate existing functionality, add controls, test effectiveness) through actions such as:
  - Configuration settings that increase system security.
  - A minimal service posture (unneeded services removed or disabled) and the corresponding reconfigurations.
  - Secure configuration of communication protocol parameters.
  - Improvements in user management.
  - Feasible modifications to the security architecture.
  - Improvements to operation and control policies.
- Advise on hardening actions and their priorities.
- Review the resulting state of the hardening measures.
- Deliver a service report describing:
  - Recommendations carried out, organized by impact.
  - Recommendations still pending.
  - Technical procedures implemented.
  - A review of the hardening results against the identified risks.
  - Short- to medium-term recommendations and security projects.