 |
IT Security Assessment
IT environment within an organization could not be secured without periodic review and assessment. Especially before implementing any new systems, IT security risk assessment services is needed to determine whether the new system is secured. At the same time, after new IT Security Management framework adaptation, organizations have to review the effectiveness and efficiency of the systems through periodic IT Security Audit. eWalker consultants assist your organization in identifying current vulnerabilities and threats and prioritizes the remediation activities to mitigate the risks according to business impacts and requirements.
Vulnerability Assessment
Even though your organization may have already installed firewall and other computer security systems, vulnerabilities may arise from time to time. Vulnerability assessment would be the first step to verify the overall health of your IT systems. Without proper assessment, systems may not be as secure as they suppose to be.
During vulnerability assessment, eWalker consultants perform reviews on systems and network configurations. Systems and network used by your organizations would also be scanned using vulnerability scanners according to our i-Scan methodology. Vulnerability assessment reports would be generated through our analysis tools.
Penetration Test
eWalker consultants review system security by using gray box hacking method in which the testing is conducted from external network without knowing the technical details from servers and limited information are provided before the test. Non-intrusive penetration methods are performed based on commonly used intrusion testing skills by hackers, commercial software and eWalker developed tools. All tests are performed according to OSSTMM standard.
Web Penetration Test
As more applications are web based, our penetration test service extends to web based applications. eWalker consultants perform non-intrusive penetration methods into your web application servers based on commonly used intrusion testing skills such as web exploits, SQL injections, cross-site scripting, session hijacking, through commercial software, our developed tools and manual procedures. All tests are performed according to OWASP standard.
Application Code Review
Application security depends on application code security. Large software corporations may include application code security requirements into the development and quality assessment stage. As this is often being ignored by small software company and organizations, eWalker consultants conduct application security testing by reviewing application codes using manuals and automatic code review tools.
IT Audit/SOX Audit
IT Governance compliance is considered to be one of the most important aspects in many corporations. Since the Enron case, US PCAOB has requested all US listed companies to comply with the Sarbanes-Oxley Act 2002 (SOX) requirement. Since 2007, Japan has also started to implement similar requirement for Japan listed companies (J-SOX).While in 2009, China has initiated the China version of SOX (C-SOX). Other than SOX, there are other forms of compliance requirements such as PCI compliance (2009) and ISO 27001 (previously known as ISO 17799 or BS7799 certification) that your organizations may need to follow. Due to the recent incidents on data leakages and data loss, some organizations started to conduct data privacy assessment and audit. As most organizations have to comply with one or more forms of standards and requirements, eWalker consultants with strong knowledge on various compliance audit and review services would be able to help your organization by preparing your team for the audit work through pre audit service and formulating steps for performing compliance audit. On the other hand, our consultants also consolidate documentations and self-audit results to reports for further inspections.
