Risk assessment

The first step of cooperation is a risk assessment, during which we will consider together which areas (hardware, systems, software, databases) may affect your digital security and which scenarios have the highest priority (malware, phishing, data theft, volumetric attacks, APT).

Then we will determine the probability of these risks materializing. The purpose of this stage is to prepare the best methods of preventing and responding to security incidents.

Audits

The safe functioning of the organization requires regular audits to verify the correctness of the applied security measures in relation to the assumed requirements.

In addition, a security audit is carried out to check compliance with defined standards, which are designed to ensure full security of employees and databases. An experienced auditor carefully examines the functioning IT system, indicates any non-compliance with standards and issues appropriate recommendations that will improve safety.

We carry out audits for compliance with the requirements of:

  • KSC – National Cybersecurity System
  • PN-ISO / IEC 27001 standard – Information Security Management System
  • PN-ISO / 22301 standard – Business Continuity Management System (BCMS)
  • Recommendation D of the Polish Financial Supervision Authority
  • KRI – National Interoperability Framework
  • R-CYBER-1/2021 – Recommendations of the Chancellery of the Prime Minister on cybersecurity for the water and sewage sector
  • Trusted Information Security Assessment Exchange (TISAX)
  • Control Objectives for Information and related Technology (COBIT)
Make an appointment for a RiskScope diagnosis

Tests as an assessment of the state of safety

We carry out penetration tests in white-, black- and greybox models. We carry out a controlled attack on your company’s IT system.

Its purpose is a practical assessment of the current state of security and of susceptibility to various forms of security breaches.

Implemented test methods:

  • Whitebox: Authentication tests
    We work hand in hand with administrators, scan the ICT infrastructure on an ongoing basis and immediately introduce security measures.
  • Blackbox: Simulate an attack from the outside
    We play the role of a potential attacker and gather all the information ourselves. The purpose of this test is to detect all vulnerabilities to which the organization is exposed from the Internet.
  • Greybox: Maximum version
    The purpose of this test is to complete an inventory of external threats. The next step is to work hand in hand with the client’s administrators to eliminate internal threats as well. The final effect is the elimination of all attack vectors.

Knowledge base

How to create safe passwords on the Internet

Any information that is collected from customers or from other sources must be adequately protected in accordance with the GDPR.

Active Directory Audit

Full configuration and maintenance of Active Directory

Why you need it:

  • Detect administrator account attributes set for normal users.
  • Analyze and export Access Control Lists (ACLs) across your domain.
  • Detect services vulnerable to Kerberoasting.
  • Check the data encryption quality at rest/during transmission.
  • Delete old, shared, abandoned and test accounts.
  • Identify backdoors.
  • Create a response plan during and after a disaster.

Certifications

After carrying out the activities (diagnosis, tests, preparation of procedures) and introducing corrections / recommendations, we are able to support the client in the activities necessary to obtain certificates confirming the maintenance of a high standard of ICT security:

  • KSC – National Cybersecurity System
  • PN-ISO / IEC 27001 standard – Information Security Management System
  • PN-ISO / 22301 standard – Business Continuity Management System (BCMS)
  • Recommendation D of the Polish Financial Supervision Authority
  • KRI – National Interoperability Framework
  • R-CYBER-1/2021 – Recommendations of the Chancellery of the Prime Minister on cybersecurity for the water and sewage sector
  • Trusted Information Security Assessment Exchange (TISAX)
  • Control Objectives for Information and related Technology (COBIT)

Ask for an offer

Would you like to learn more about our offer, or do you have questions about specific solutions? Please do not hesitate to contact us.