INSTITUTIONAL MEASURES
RISK ASSESSMENT.
A special study in a business or organization or even on a specific subject pertaining to the assessment of the risks associated with the object under consideration in order to enhance the understanding of the overall risk associated with it. As a deliverable, it has a risk report that refers to digital assets, threats and the degree of risk involved, and which acts as a point of departure for decision-making on institutional, technical, or risk transfer actions.
VULNERABILITY ASSESSMENT.
It pertains to executing a series of exhaustive scans in order to detect vulnerabilities in every kind of computer and network or internet resource and to special checks in regard to the compliance with international standards such as HIPAA, PCI DSS, OWASP, etc.
SECURITY ASSESSMENT.
A series of security audits in an enterprise or organization or a particular system that currently is, or is about to be put into production. It consists of risk assessment, vulnerability assessment, penetration testing, and its final deliverable is a comprehensive report on the results of the above checks and an action plan for carrying out changes or remediations in order to improve the security of the object under control.
PENETRATION TEST.
A series of special security tests that accurately simulate real attacks on information and communication systems to find vulnerabilities and demonstrate the magnitude of the actual risk incurred in installed systems or on systems that will be put in production. These are tests with or without prior knowledge or preparation, either from the inside or the outside of the organization.
WiFi PENETRATION TEST.
Security tests on wireless networks that simulate real attacks, aimed at gaining unauthorized access to them and/or bringing them down by de-stabilizing or crashing them.
SOCIAL ENGINEERING.
It’s the attempt to exploit the human factor by performing actions designed to drive authorized people within an organization to perform acts that favor an attacker who intends to gain unauthorized access to systems or information by manipulating their trust.
SECURITY POLICIES.
It pertains to the authoring of appropriate policies to safeguard the risks associated with the specific characteristics of an enterprise or organization in order to align operations with accepted good practices, with regulatory compliance and with an applicable set of risk management or information management standards.
SYSTEMS HARDENING.
Performing intricate configuration on a system using appropriate settings, as well as appropriate applications that enhance the resilience of a particular system in order to improve its overall security and availability.