Security Life Cycle

The life cycle comprises Social Engineering, Penetration Testing, Information Security Program Analysis, or Security-As-A-Service. Our methodology consists of three pillars: Human Perspective Analysis, Technology Risks, and Information Security Program.

 


Human Perception Analysis

During our assessments, we conduct interviews with various departments to understand how and why risks exist within the organization.

  • We gain a top-down and a bottom-up understanding of the risks throughout the company and the pitfalls around IT/security.

  • We connect the dots of risks within finance, marketing, engineering, HR, and IT departments.

  • Once we understand how humans think, we conduct a technology assessment to learn the current reality of the environment and its hidden risks.

Employees, even those outside IT, allow Vulsec to discover more risks than the IT department was aware of. These risks include password sharing through email, corporate document access, or third-party website access.


Technology Risks

Blend continuous enterprise risk assessments with penetration testing to assess the current risks deployed throughout the organization's environment.

Assessing technology includes, but is not limited to:

  • Wireless infrastructure assessment

  • Physical infrastructure assessment

  • Network configuration vulnerability assessment

  • Authentication best practices

  • Vulnerability Assessment configuration analysis

  • Software configuration Assessment (IPS/IDS, Anti Virus, Patching)

  • Software Development Life Cycle (SDLC) assessment

  • Security Solutions Architecture review

  • Virtual Environment Analysis

  • Cloud Environment Analysis

When we combine this with an understanding of how and why the employees configured the technology the way they did, we can determine risks around budget, staffing issues, or managerial oversights.


Information Security Program (ISP)

After the organization understands the current risks from the human perspective analysis and the reality of the technology risks, we assess the policies and procedures.

We assess the ISP that is currently implemented within the organization to understand how the program allows the employees to configure the technology per best practices to improve security posture.

The ISP needs to be configured with the proper policies and procedures to protect the business in its current state and also to account for how the company is evolving.

We layer compliance and regulatory requirements on top of this ISP to stay ahead of compliance needs.

The information security program analysis is conducted last because technology stops hackers, not policies and procedures.

 
Social Engineering

Physical or Remote

Phishing, Vishing, Smishing, Whaling, or Spearphishing

Training for Employees 
Educational Videos, Quizzes, and Gamification.

 
External Assessment

Understand external risks from OSINT, Penetration Testing, Continuous Vulnerability Scanning, and the cloud environment (AWS, Azure, Google, or Private Cloud).

 
Web & Mobile Application Assessment

Assess the current applications for OWASP Top 10 best practices, implement a bug bounty program, and analyze the Software Development Life Cycle (SDLC).

 
Enterprise Risk Assessment

Assess the organization from a hacker’s mindset to determine the root cause of risks within the organization.

 
Security As A Service (SaaS)

Conduct Red Team assessments on a continuous basis with multiple hackers who model various threat simulation vectors and advanced testing procedures.


Find The Data. Protect The Data.

Digitize your information security program through continuous assessments against the organization. 

Assessment Delivery

Digitize penetration test reports or compliance reports for your Information Security Program.

Track Progress

Once employees have been assigned to a finding, track the status of each outcome and the overall assessment progress.

CISO Marketplace

Access a variety of vendors selling products and services with transparent pricing and successful track records.