ISO 27001 & ISO 22301 Consultancy

ISO 27001 and ISO 22301 Consultancy Services

An organization's effective and powerful Information Security Management System (ISMS) can be developed, built, and certified using the ISO 27001 Consulting Services of SSA SOFT. To assure timely, in-budget delivery of ISO 27001 certification, the experts of SSA SOFT bring in-depth domain knowledge and thorough experience, spanning the CISSP, CRISC, ISO 27001 Lead Implementer, CISA and ISO 27001 Lead Auditor certifications.

The experts and consultants of SSA SOFT support the client in every phase of the certification process, from the definition of scope to certification audit support. Clients who have been successfully certified with ISO are offered further continuous support, including Information Security Risk Assessment, arranging internal ISMS audits, and others.

SSA SOFT’s ISO-27001 Consulting Services include:

  • Determining and Optimizing ISMS Scope
  • Assessment of Risks
  • Planning the Treatment of Risk
  • ISMS Gap Assessment
  • Gap Assessment of Security Control
  • Arranged Roadmap Definition
  • Gap Recovery Facilitation & Support
  • Security Metrics
  • Policy, Standards and Procedure (PSP) Support
  • ISMS Internal Audits
  • Certification Audit Support

ISO 22301 Consultancy Services:

The ISO 22301 certification defines the standards for the processes and systems by which a firm can proactively prepare to deal with and recover from unexpected events that leave the firm unable to operate.

Clients seeking assistance and consultancy for ISO 22301 certification receive services that usually take the form of audits carried out exactly according to the requirements and standards defined by ISO. The consultants of SSA SOFT are responsible for developing teams from within the organization, which then collect the data appropriately and implement the BCMs. Our experienced consultants work closely with the organization's officials to customize the required materials to the demands of individual clients. The client's evidence collection process is monitored closely by the consultants to ensure that all the ISO 22301 standards are met.

Complete Infrastructure Security

COMPLETE INFRASTRUCTURE SECURITY REVIEW

At SSA SOFT, understanding the infrastructure of the client's organization is considered an obligation, so that potential threats and security breaches can be identified before any damage or information loss occurs. A detailed assessment of the organization's security infrastructure is performed for this reason. The methodologies developed by the experienced security personnel comply with the best practices adopted in the industry.

These specifically tailored practices are applied in organizations both large and small, and it has been proven that the experts at SSA SOFT are skillful professionals who are capable of determining the exposure of the organization, providing support in fighting any security flaw, and developing appropriate mitigation methods.

SSA SOFT CISR Services:

Infrastructure security services included in the wide range offered by SSA SOFT are:

  • Assessment of Security Architecture: Detailed monitoring and reporting of the currently used security architecture
  • Scanning Vulnerabilities: Expert Analysis and Comprehensive Internal and External scans against threats
  • Review of Device Configuration: Analyzing security configurations of devices and applying standards

Benefits:

  • Identification and improvement of application issues and device configurations that endanger performance and security
  • Upgrading the Design of Security
  • Designing flexible security services to protect the information and data of organizations
  • Diagnosis of flaws in architecture design which are generally identified late
  • Ordering and categorizing risks in the security architecture and quickly fixing those risks

Secure Code Review

Manual Code Review

It is not possible to detect all vulnerabilities without manually reviewing the code. In many cases it is reliable and efficient to review the code manually instead of using testing tools or examining it with software. Data protection, log maintenance of bugs or issues, the system's inter-communications and usage, encryption and access controls can be efficiently monitored through manual review of the code written for the application.

The data flow within the application, between different modules from its entry point to its exit, can be traced and reviewed effectively through manual code review. SSA SOFT identifies architectural vulnerabilities by analyzing the security architecture implemented within the application in order to remove architectural threats.

Static Analysis

At SSA SOFT, manual code review is regarded as an essential application testing method. Compared with any other approach to testing the application, reviewing its code delivers the most accurate and efficient results. Not only is the efficiency of the method considerable, but such a review is also cost-effective.

The tools and software used for application assessment are both commercial and proprietary. Application assessment can be performed using many other approaches, but code review is considered an efficient method for this purpose. In this approach, not only code review but also security testing of the application is performed, all while staying within the client's budget. The code scanning tools are custom tailored so that results are generated with the highest possible quality; careful diagnosis and analysis is then performed to verify the generated results.

The identification of weaknesses by the scanning tools depends on the application and on the signature databases used for exploring vulnerabilities. Instances of XSS, SQL Injection, CSRF, open ports and others can be traced using the tools. The tool needs to be trained only once to understand the controls in the application; it can then be used for more advanced security operations.

Vulnerability Assessment Services

SSA SOFT's controlled and planned Vulnerability Assessment Services assess the security of IT systems and applications and the seriousness of the threats that can occur within them. Such threats and security breaches can allow attacks within the application. The availability of IT services, access to resources, and the secrecy of the organization's applications and data are at stake due to the risk of attack. Consumer and business systems are constantly prone to attack because of vulnerabilities. Detection and reporting of threats and vulnerabilities is considered of great importance at SSA SOFT, and the experts are responsible for detecting every possible loophole and reporting it to the client along with its level of threat to the system. To assure a consistent approach and clarity in the vulnerability processes, SSA SOFT has developed a specially tailored method.

The methodology applied by SSA SOFT focuses on the ease of exploitation of threats, access to the application code, the impact of exploitation on the business and customers, and other such factors for the organization.

Methodology & Work Support:

Identifying vulnerabilities and threats of human exploitation is the highest-priority aim of the Vulnerability Assessment Services. Both technical and non-technical vulnerabilities are assessed at SSA SOFT, but the most common and detailed analysis is performed on the following:

  1. Identification of Weaknesses in IT Infrastructure Security Services
  2. Reporting to the Client about Vulnerabilities
  3. Validation of the Weakness by Assessing Whether It Is a Vulnerability
  4. Identification of Measures to Eliminate the Vulnerability & Ensuring that the Vulnerability is Removed

Managed Security Services

The approach applied in other domains of IT infrastructure allows data and applications to be kept the same for a specified duration of time, but the same cannot be assumed for security-related services. Security must be monitored efficiently and regularly in order to detect any loopholes. Managing enterprise security is becoming more and more crucial, with the active participation of both business professionals and technology experts, as business logic changes, hacking tools improve, and network-related solutions, threats, potential bugs and other factors change. There is only a very limited time to detect a threat or potential bug before it starts to exploit the organization's systems. Resources are limited and so are budgets, which is why enterprises constantly struggle to deal with security-related issues.

To provide enterprises with a sophisticated, state-of-the-art Managed Security Service, SSA SOFT has developed a disciplined pattern. An enterprise's security solutions can be tailored to be managed by the enterprise itself, or they can be assigned to the experienced professionals of SSA SOFT. SSA SOFT offers clients a wide range of Managed Security Services, spanning the management and monitoring of firewalls and intrusion detection, managing system upgrades, generating security reports, and responding to any emergency.

Managed Security Services and IT Solutions Package:

SECURITY SERVICES

  • Managed Firewall Services
  • Managed Intrusion Detection Services
  • Managed Virtual Private Network Service
  • Managed Authentication Services
  • Managed Vulnerability Protection Services
  • Managed Incident Response & Forensics Services
  • Managed Anti-Virus Services
  • Web Application Firewall
  • Network Access Control
  • Bandwidth Management Solutions
  • Data Leak Protection Services
  • Email Protection

Penetration Testing Services

A highly skilled and professional hacking team is the strength of SSA Soft when it comes to Penetration Testing services. The latest state-of-the-art techniques are used to determine threats and investigate the organization's security infrastructure. All the tactics used by illegal hackers to gain access to an organization's information and assets are applied by the experts of SSA Soft.

Security Checks in Multiple Scopes:

The scopes in which the Penetration Testing is applied by the Ethical Hackers of SSA Soft are:

Black Box Testing:

This is the typical form of Penetration Testing: organizations commonly do not provide a wide range of information, giving access only to the IP address and, in some cases, the name of the organization. It is then up to the skills and expertise of SSA Soft's experienced technical staff to perform the testing.

White Box Testing:

The controls and assets of an organization's IT infrastructure are checked in order to assess their efficiency and durability. In this area of testing, the customer provides access to the servers, controls, network systems and any information needed to perform the test.

Grey Box Testing:

In this testing technique, white box testing techniques are applied to comprehensively test the organization's private systems, which are not publicly accessible but which hackers could access through some malfunction. The web services and other network controls are tested using black box testing. As the name suggests, Grey Box Testing is therefore a mixture of Black and White box testing.

The Penetration Testing Services Suite includes the following aspects of an organization's security:

  • External Network Penetration
  • Internal Network Penetration
  • Server Application Penetration
  • Web Application Penetration
  • Mobile Application Penetration
  • Client Application Penetration
  • Physical Security Penetration