ISTC Cyber Division is showing the value of the investment in cyber security strategy and infrastructure by demonstrating how the improved risk profile will solidify the security posture, thus increasing the chances of company’s long term viability and lowering their risk of successful attack.
We provide security support service of the risk profile for small to medium sized businesses, such as law firms, news agencies, tech startups, e-commerce, manufacturing companies, grocery stores, etc. and focused on the importance of implementing information security best practices to secure their assets.
We provide trainings for your company's technical and non-technical staff in the topics as Information Security Services, Open Source Intelligence and Social Engineering. At the end of each training we will conduct testing of employees. We also offer per-request customized trainings in related topics.
As we know, the human factor can have a very serious impact on your company’s security. Most of the attack vectors start with an e-mail that can have malicious scripts injected in them, thus giving the attacker access to employee’s workstation. Because of that, it’s very important to educate every employee about the potential risks and ways to mitigate them in case of an incident. During this service employees of the client’s organization are being tested.
Organization’s infrastructure is tested for vulnerabilities. There are three types of testing techniques: White Box, Black Box and Grey Box. Mostly our services cover web application and network testing. In the first case the testing is done with full access to the source codes/resources of the company. During Black Box testing the specialist has almost no information on client’s infrastructure. Grey Box testing is done with only partial knowledge of the client’s internal structure.
Network testing provides an objective, independent view of the client network to allow the business to appreciate and understand the risks of network implementation. This package does not include the web application or web servers.
Service which fully covers the client’s information security needs. During the audit all of the aspects of the organization that are connected to confidential information can be tested. That includes the organization’s policies regarding information security, employee “hygiene” in the digital world, and all of the above mentioned services.
In the end of each delivered service we will provide a full report which will contain all the vulnerabilities found in the process and recommendations to mitigate them.
