Penetration Testing, Vulnerability Assessment, Risk Assessment, Policy Development, 3rd Party Vendor Assessment. - Defense IT Solutions Inc.

+502 2286-5347
Ciudad de Guatemala,
Guatemala, Guatemala
Defensa Tecnologica S.A.

Penetration Testing, Vulnerability Assessment, Risk Assessment, Policy Development, 3rd Party Vendor Assessment.

Penetration Testing
Defense IT Solutions' penetration testing service provides our clients with an accurate view of their security posture. A vulnerability scan can only take you so far; our team can perform the following types of penetration tests according to criteria aligned with your organization's goals:

  • Black Box, White Box
    • Our team can be equipped with as little or as much foreknowledge as you wish. Traditionally, a black box penetration test is where the penetration tester begins with little detail about the target (other than the scope). A white box penetration test is where the penetration tester begins with full knowledge of the target.

  • Network / Application Penetration Testing
    • Most penetration tests include network and application penetration testing as standard.

  • Web Application Penetration Testing
    • Web application penetration testing includes identifying and exploiting SQL injection flaws, as well as combining other methods, such as social engineering, in cross-site scripting and cross-site request forgery attacks.

  • Social Engineering
    • Social engineering involves human interaction. Examples of techniques employed are phishing e-mails and telephone calls used to obtain credentials and access to internal systems.

  • Premise / Physical Security Testing
    • A network can be technically secure but physically vulnerable. Regularly testing physical security controls can be just as important as a network penetration test.

Vulnerability Assessment
Performed from either an internal or external perspective, vulnerability assessments help identify potential vulnerabilities that hackers and malware can exploit.

Defense IT Solutions provides several vulnerability assessment services:

  • Internal vulnerability assessment
    • Internal vulnerability assessments are run from within the network, where there are fewer firewalls and intrusion detection/prevention systems. Internal vulnerability scans that are run with elevated privileges are commonly used to verify patch management processes and also as a tool in a risk management program.

  • External
    • External vulnerability assessments give you an idea of what the typical hacker or malware agent sees: your firewall, web servers, mail server, and other Internet-facing systems. Defense IT Solutions' external vulnerability assessment will help to identify any vulnerabilities you may have on these systems.

  • Web Application
    • Web applications have quickly become the number one target for hackers. Web applications and their database back-end systems have many potential vulnerabilities that attackers can use to achieve their goals, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (XSRF). Based on the Open Web Application Security Project (OWASP), Defense IT Solutions' web application vulnerability assessment service will help to identify all of your web application vulnerabilities.

The Defense IT Solutions Difference - All Defense IT Solutions consultants have direct technical hands-on administration and engineering experience with systems and applications, and are always trained on new technologies and systems. This provides us with a unique advantage over our competitors; our consultants are better able to interpret and measure control objectives across your enterprise.

Risk Assessment
As the first iterative step in the Risk Management Program, a properly performed risk assessment allows you to identify threats and accurately gauge both the quantitative and qualitative values of risks. The risks for each company may be different, so it's important to evaluate risk based on the classification of data, industry and the current security measures in place that can help mitigate potential issues.

Partially derived from the National Institute of Standards and Technology's Special Publication 800-30 (Risk Management Guide for Information Technology Systems), our risk assessment service provides the groundwork for your organization to build and maintain a world-class Risk Management Program.

The Defense IT Solutions Difference - Defense IT Solutions consultants understand that a risk management program involves all levels of management, and we tailor our risk assessments to match your company's organizational structure. We also provide much more than a simple risk assessment - we give you document templates, free online resources, and a deeper understanding of risk management.

Policy Development
Organizations sometimes have dozens of laws, regulations and standards to comply with. Ensuring that all requirements are codified in policy can be confusing at best, and counter-productive at worst. Defense IT Solutions identifies and catalogs all applicable requirements, customizes policy statements to your business, and helps you integrate the policies into your information security program.

Between the current laws, regulations and standards, there is much overlap in terms of security requirements. However, there are often nuances differentiating the overlapping requirements. Defense IT Solutions' experience in multi-regulatory compliance helps you navigate this 'regulatory jungle'.

Not all businesses are built the same - so it follows that not every business has the same policies and procedures. When faced with so many requirements coming from multiple directions, the best approach is the risk-based approach. Defense IT Solutions' experienced consultants help you customize your policies and procedures so that they make sense for your organization and maintain your compliance.

It's often not enough to simply write a policy and place it on your Intranet site or company file share. Managers and individual contributors need to understand the policies they are meant to follow. Employees can be the weakest link of an organization's information security program; a workforce that understands and self-enforces company security policies can easily become the strongest link.

The Defense IT Solutions Difference - Unlike some of our competitors who will just give you a policy template with your company's name on it, Defense IT Solutions will work with your business to customize and tailor appropriate information security policies based on organizational need and regulatory compliance objectives.

3rd Party Vendor Assessment
Doing business with third parties is critical to fulfilling the needs of the business. However, in today's data-breach-sensitive world, the risks are equal to the benefits. The same old strategies, processes, and practices for evaluating and managing third-party and supplier risk are not sufficient in today's advanced persistent threat world. Defense IT Solutions can provide a thorough assessment of your third-party vendors to ensure they are following the same best practices and regulatory compliance you do within your own organization.

