Did you know?
There is a hacker attack every 39 seconds
95% of cybersecurity breaches are due to human error
More than 77% of organizations do not have a Cyber Security Incident Response plan
43% of cyber attacks target small business
ISTC Cyber Division is showing the value of the investment in cyber security strategy and infrastructure by demonstrating how the improved risk profile will solidify the security posture, thus increasing the chances of company’s long term viability and lowering their risk of successful attack.
We provide security support service of the risk profile for small to medium sized businesses, such as law firms, news agencies, tech startups, e-commerce, manufacturing companies, grocery stores, etc. and focused on the importance of implementing information security best practices to secure their assets.
1. Company Staff Trainings
We provide trainings for your company's technical and non-technical staff in the topics as Information Security Services, Open Source Intelligence and Social Engineering. At the end of each training we will conduct testing of employees. We also offer per-request customized trainings in related topics.
2. Social Engineering
As we know, the human factor can have a very serious impact on your company’s security. Most of the attack vectors start with an e-mail that can have malicious scripts injected in them, thus giving the attacker access to employee’s workstation. Because of that, it’s very important to educate every employee about the potential risks and ways to mitigate them in case of an incident. During this service employees of the client’s organization are being tested.
3. Penetration Testing
Organization’s infrastructure is tested for vulnerabilities. There are three types of testing techniques: White Box, Black Box and Grey Box. Mostly our services cover web application and network testing. In the first case the testing is done with full access to the source codes/resources of the company. During Black Box testing the specialist has almost no information on client’s infrastructure. Grey Box testing is done with only partial knowledge of the client’s internal structure.
4. Network Testing
Network testing provides an objective, independent view of the client network to allow the business to appreciate and understand the risks of network implementation. This package does not include the web application or web servers.
5. Full Security Audit
Service which fully covers the client’s information security needs. During the audit all of the aspects of the organization that are connected to confidential information can be tested. That includes the organization’s policies regarding information security, employee “hygiene” in the digital world, and all of the above mentioned services.
In the end of each delivered service we will provide a full report which will contain all the vulnerabilities found in the process and recommendations to mitigate them.