Solutions

Securistec’s approach to your organization’s program is based on the fact that every client is unique. We offer a risk-based approach tailored to your specific business model, assets and resources. We help our clients identify potential vulnerabilities and provide prioritized recommendations, so that a sound business decision can be made on whether to implement specific remediations or accept the identified risks.

Our assessment process examines the asset to understand where vulnerabilities may be leaving the organization exposed to risk. Assessment activities generally fall into one (or more) of the following types:

  • Design Assessment activities which evaluate the appropriateness of controls by comparing the control design against the client’s control objectives, industry good practice, laws/regulations, and/or the auditor’s professional judgment (e.g., an Application Architecture Review).
  • Compliance Assessment activities which validate that the control measures established are working as designed, consistently, and continuously (e.g., a Password Audit).
  • Substantive Assessment activities that provide assurance that the control objectives are being achieved, and where they are not, provide a measure of probability and business impact (e.g., a Penetration Test).

Black Box Testing (aka Penetration Testing or Ethical Hacking) is a substantive test of the net security posture resulting from the cumulative security controls applied. It is typically used to assess the trustworthiness of key elements of your security environment (e.g., networks, applications and people).

White Box Testing uses all relevant system resources and information available to the assessment team. In a white box application assessment, the assessment team typically has access to the asset, design documents, data models and technical personnel. Access to this information makes it possible to perform a comprehensive analysis of the asset (e.g., applications).
