Cyber Security – Security Audit
Before a CS solution is proposed, it is important to know as much as possible about the customer's ICT. Every CS solution must meet the information and security needs of the customer. This means that it is always important to make data and ICT resources available to all who need them.
Every CS audit should tell us about the current state of CS within the organization and beyond, about its partners, suppliers etc.
The CS Audit will map the current situation and help us customize our products so that the final proposed solution fits the needs of our customer perfectly.
Cyber Security Concept Implementation – POC
The difference from the audit is that in this stage/product the specific solution is being prepared. It is important to keep in mind that cyber security is not a single product/service. The implementation process therefore sets up requirements for better protection, and it consists of:
- Process definition and management requirements (including necessary HR),
- Infrastructure requirements (HW, SW – backup needs, computer power, software like operating
  cloud requirements etc.)
- Cyber Security tools/solutions like ADR, ZDA, SIEM, AVs, VPNs, IMS etc. and necessary HW,
- Operational team and Response team including response and BCM protocols.
SOC building and Implementation
This is one of the most complex products. The level of complexity is in line with the difficulty of implementation, thus the product is not a standalone solution. Such a product must include a preparation stage, where the CS Audit, POC and other minor products/services are needed.
The SOC is represented by:
- Operational Room equipped with all necessary HW and SW,
- HR: SOC managers, operators, and a response team.
Source Code Testing
Source Code Testing represents two approaches. The first is continual improvement of EMELDI’s application security, where the company continually tests its own products. Because EMELDI in many cases uses Open-Source platforms and in future (or currently?) could use source code delivered by vendors, it is important to check this code. Several threats have been identified in this part of CS.
The second approach is to offer this service on the market. Due to the shared responsibility of cloud solutions, there are several dynamic changes in such platforms/infrastructure, so it is important to stay up to date with regard to new possible vulnerabilities or threats. Many application providers or developers don’t have enough “in-house” resources (HR) to conduct such testing, so there is a certain space on the market.
Such testing and security benchmarking could develop into more complex testing, such as common CVE testing, which includes:
- Denial of Service (DoS)
- Code Execution
- Buffer Overflow
- Memory Corruption
- SQL Injection
- Cross-Site Scripting (XSS)
- Directory Traversal
- HTTP Response Splitting
As with SCT, penetration testing is in general a continual process. As information technologies evolve very dynamically and communication technologies (especially the amount of data) provide more capabilities, the demand for cyber security is rising accordingly. Penetration tests are one of the key processes that help to improve the protection of valuable assets (mostly the data, but with IoT development also the machines).
The testing is divided into 5 general steps and may also include SCT.
- Black Hat Testing – blind testing from outside (MITRE matrix, CKC etc.),
- Mitigation process – presentation of found CVEs, newly found vulnerabilities, complex analysis,
- BHT&MP inside the protected perimeter,
- SCT – source code testing phase (optional),
- Complex CS analysis and Certification – individual consultancy on CS, with risk analysis and process management; after implementation of continual improvement and periodical PT (for example), a certification process could be initiated.