We specialize in Consulting and Advisory services for implementing Information Security Management Systems (ISO 27001 (BS7799)), IT Service Management (ISO 20000 (BS15000)), compliance with internal controls and risk management requirements in acts such as Sarbanes Oxley (SOX), NIST, Data Protection Act, Business Continuity Planning and Incident Management.
Our services include:
- Information Security Management System
- Information Technology Service Management
- Design and Implementation
- Information Security Management System based on ISO27001:2005, Cobit 4 and SoX
- Information Technology Service Management based on ISO20000:2006, Cobit 4 and ITIL
Auditing and Vulnerability Assessment
Our Audit Services include Information systems audit, Information technology security audit, Vulnerability assessment, Penetration testing and Internet trading system audit.
We have top quality systems and security auditors with qualifications such as CISSP, MCSE, CEH, Security+, MCSE-Security, CCNA, CCNP and BS7799 LA on our rolls to perform high quality audits and assessments of your systems and internal controls. We have developed unique methodologies for the audit/assessment process as well as top of the class reporting architecture.
- Operating System Audits
- Application System Audits
- Database System Audits
- IT System Audits
When you hire Core Security Consulting Services (SCS) to provide specialized, objective assessment of your organization’s security vulnerabilities, you get a crackerjack team of IS consultants who are also IS researchers. That’s because we believe that IS research must be linked to real-world IS problems, and real-world IS problems must influence what we research.
Define the Work Plan
The first stage sets the objectives of the penetration test and attackers’ profiles for the tests, ranging from what potential havoc an authorized user can effect on your network through to the most nefarious business-injuring destruction that a professional hacker can cause. From there, there must be agreement on the scope of the penetration test, including internal and external servers, components of the security architecture, remote-access devices, and shared workstations. And last, it is important to define success criteria, both positive and negative, so that your organization can measure our results against predetermined criteria, for both external and internal attacks.
Gather Organizational and Infrastructure Intelligence
The SCS team gathers technical details, including identification of network access points, network mapping and OS fingerprinting, about the target hosts and gathers publicly available information on the owner of the network or application in question to plan a comprehensive attack.
The SCS team then conducts the authorized attacks using public, custom, and professional tools, including our own penetration-testing framework. These tests will expose compromised hosts that will be used as escalating points during the next stages.
Analyze and Plan
Next, the SCS team collates the information gathered during the previous stage so that they can plan a series of subsequent actions, including planning the overall approach for the pen test in question and formalizing which targets require further research.
Attack and Escalate Privileges
Based on the analysis the SCS team has just made, the pen testers perform the attack, taking advantage of system and user privileges obtained from the previous stages. They use compromised hosts as vantage points to escalate attacks to other targets and to obtain elevated privileges that lead to still further compromise of the network’s operating systems and corporate data. Then they will continue to pivot and loop back through stages 2-5 until goals defined in the Work Plan are achieved.
At this point the SCS is ready to report high-risk vulnerabilities to the client. The pen testing team consolidates and analyzes findings to report formally at the end of the engagement to your IT decision-makers so that your IT organization is better informed and better prepared to conduct your own penetration testing or to direct additional consulting services. We review:
- The Objectives and Scope of the penetration test
- Conclusions from each test phase regarding remediation required and the relative priority of these recommendations
- Details gathered on every system, including the high-risk systems found vulnerable to attack, and detailed lists of vulnerabilities
The SCS team cleans up all traces of the pen test from compromised systems, returning the system and any compromised hosts to the exact configurations that they had prior to the penetration test. And we’ll execute our engagement in the time-frame that you have stipulated for the tests.