SEQ – your information security advisor

Before developing strategies and techniques to counter information security threats, companies need to test their infrastructure for current sustainability to attacks:

• Detecting vulnerable components and existing computer security issues;
• Identifying possible ways of compromising the information system;
• Verifying the possibility of implementing the identified attack vectors.

The selected SEQ approach of penetration testing is based on the recommendations of international standards and best practices:

• Open Web Application Security Project (OWASP);
• Open-Source Security Testing Methodology Manual (OSSTMM);
• Web Application Security Consortium (WASC);
• ISO 27000 series standards;
• Center for Internet Security (CIS) standards;
• Common Vulnerability Scoring System (CVSS);
• NIST Special Publications 800-115 Technical Guide to Information Security Testing and Assessment.

• SEQ assessment process audit is based on risk modeling.
• The investigation of the existing information architecture of the company helps to identify possible threats and assesses the risks to the infrastructure; during this process SEQ widely uses and implements international best practices and developments. As a consequence, the customer receives a detailed report with analysis and prioritization of risks, as well as recommendations for reducing the impact of these risks.

The human factor has a leading role in affecting all processes in the organization, including the protection of company assets and infrastructure. The use of social engineering techniques in assessment by SEQ will help to increase assurance that the human factor will not widely affect the risks to information security. These techniques can take form of trainings, security courses for employees and other complex projects (for example, Red Team), allowing you to develop an objective assessment of vulnerability on the part of staff.

SAP ^® systems are one of the most important assets of the company. SEQ helps to detect serious vulnerabilities before attackers do so by evaluating:

• The overall security level of SAP systems;
• Reliability of application implementation;
• The level of security in the management processes of users, rights, interfaces, emergency concepts and business applications;
• Security patch management;
• SAP security measures and prevention of malicious actions awareness.

Red Teaming is the use of TTPs (Tools, Tactics and Procedures) to simulate a real threat in order to train and measure the effectiveness of people, processes and technologies used to protect the company's information environment. A typical scope of Red Team assessment involves the entire customer infrastructure. Red Teaming conducted by SEQ will help the customer to acquire a clear vision of the actual security level of information systems, as well as their current capabilities in countering threats and attacks.

SDL (Security Development Lifecycle) is a development technique that allows one to ensure the required level of security of the system that is being developed. The SDL approach is based on the practices of training the development team, conducting a security analysis of the developed system and implementing security improvement mechanisms. The primary methods used in SEQ include: MS SDL, OWASP Secure SDLC Cheat Sheet