Yasa Data Processing & Communication
  • Home
  • About Us
  • Services
  • Training
  • Customers
  • Contact Us
  • Search
  • Menu

Services

We specialize in Consulting and Advisory services in implementing Information Security Management System (ISO 27001 (BS7799)), IT Service Management (ISO 20000 (BS15000), Compliance to internal controls and risk management requirements in acts such Sarbanes Oxley (SOX), NIST, Data Protection act, Business Continuity Planning and Incident Management.Our Services included :

Consulting

  • Information Security Management System
  • Information Technology Service Management
  • ISO27000
  • ISO20000
  • ISO13335
  • ISO15408
  • TickIT
  • Design and Implementation
  • Information Security Management System based on ISO27001:2005, Cobit 4 and SoX
  • Information Technology Service Management based on ISO20000:2006, Cobit 4 and ITIL

Auditing and Vulnerability Assessment

Our Audit Services include Information systems audit, Information technology security audit, Vulnerability assessment, Penetration testing and Internet trading system audit.
We have top quality systems and security auditors with qualification such as CISSP, MCSE, CEH, Security+, MCSE-Security, CCNA, CCNP and BS7799 LA on our roads to perform high quality audits and assessment of your systems and internal controls. We have developed unique methodologies for the audit/assessment process as well as top of the class reporting architecture.

  • Operating System Audits
  • Application System Audits
  • Database System Audits
  • IT System Audits

Penetration Test

When you hire Core Security Consulting Services (SCS) to provide specialized, objective assessment of your organization’s security vulnerabilities, you get a cracker-jack team of IS consultants who are also IS researchers. That’s because we believe that IS research must be linked to real-world IS problems, and real-world IS problems must influence what we research.

Define the Work Plan

The first stage sets the objectives of the penetration test and attackers’ profiles for the tests, ranging from what potential havoc an authorized user can effect on your network through to the most nefarious business-injuring destruction that a professional hacker can cause. From there, there must be agreement on the scope of the penetration test, including internal and external servers, components of the security architecture, remote-access devices, and shared workstations. And last, it is important to define success criteria, both positive and negative, so that your organization can measure our results against predetermined criteria, for both external and internal attacks.

Gather Organizational and Infrastructure Intelligence

The SCS team gathers technical details, including identification of network access points, network mapping and OS fingerprinting, about the target hosts and gathers publicly available information on the owner of the network or application in question to plan a comprehensive attack.

Detect Vulnerabilities

The SCS team then conducts the authorized attacks using public, custom, and professional tools, including our own penetration-testing framework. These tests will expose compromised hosts that will be used as escalating points during the next stages.

Analyze and Plan

Next the SCS team collates information gathered in during the previous stage so that they can plan a series of subsequent actions, including planning of the overall approach for the pen test in question, as well as formalizing which targets require further research.

Attack and Escalate Privileges

Based on analysis the SCS team has just made, the pen testers perform the attack, taking advantage of system and user privileges obtained from the previous stages. They escalate the attack based on compromised hosts used as vantage points to escalate attacks to other targets and to obtain elevated privileges that lead to still further compromise of the network’s operating systems and corporate data. Then they will continue to pivot and loop back through stages 2-5 until goals defined in the Work Plan are achieved.

Report Analysis

At this point the SCS is ready to report high-risk vulnerabilities to the client. The pen testing team consolidates and analyzes findings to report formally at the end of the engagement to your IT decision-makers so that your IT organization is better informed and better prepared to conduct your own penetration testing or to direct additional consulting services. We review:

The Objectives and Scope of the penetration test

Conclusions from each test phase regarding remediation required and the relative priority of these recommendations

Details gathered on every system, including the high-risk systems found vulnerable to attack, and detailed lists of vulnerabilities

Clean up

The SCS team cleans up all traces of the pen test by removing all testing traces of compromised systems, returning the system and any compromised hosts to the exact configurations that they had prior to the penetration test.And we’ll execute our engagement in the time-frame that you have stipulated for the tests.

About Us:

Yasa Data Processing and Communication develops and markets enterprise integration and compliance services for Information Security Management Systems and Information Technology Service Management Systems for businesses worldwide.

Pages:

  • Home
  • About Us
  • Services
  • Training
  • Customers
  • Contact Us

Contact Us:

Po.Box : 81735-355

Isfahan, Iran

info [at] yasaco . com

© Copyright - Yasa Data Processing & Communication

Scroll to top