FortConsult is the only Danish company which is certified by the credit card companies to carry out both security scans and security audits of their customers' critical payment systems in accordance with the PCI standard.
In addition, we satisfy selected requirements in accordance with the OSSTMM standard.
With FortConsult's security assessment, StaySolid™, you will receive a thorough quality check of the level of IT security in your company. You will be fully informed with regard to which security breaches exist in your IT systems, how serious they are and what you can do to secure them.
We document the test results in a clear and readable report, thus providing you with an accurate status of the level of IT security in your company - and thereby the opportunity to focus on the security tasks that are of the greatest benefit to your company. The report is laid out so that you can use the first section to document the level of security in your company to your management or auditor, whilst the second section is aimed at technicians. We present the report to you in person in order to enable you to ask any questions and discuss the results with us.
The report includes:
- An overview of the scope and objectives of the assessment
- An overall conclusion with regard to the level of security in your company
- A comparison of your security level with other firms within the industry
- An overview of your security breaches broken down into categories depending on their seriousness

For each security breach you will also receive:
- A detailed technical description
- Full information about the possible consequences
- Proposals as to how the breach can be secured

Tailor-made assessment
It is up to you to decide how comprehensive you wish StaySolid™ to be. You can, for example, choose to have your Internet systems, DMZ systems, internal servers and clients or your wireless network tested. Whatever you choose, we always make sure that you are given a full breakdown of the extent to which unauthorised parties can gain access to your systems.
With our help, you decide how thorough our testing should be. The depth of the test is determined on the basis of your security requirements and FortConsult's three-stage model, which is described below. Regardless of which stage you choose, we carry out a security assessment which is as thorough and well documented as possible. Security assessments are one of FortConsult's core competencies, and our security consultants' extensive experience is your assurance that nothing will be overlooked.
We also assume responsibility for project management, draw up a clear delivery schedule and make sure that you are fully informed throughout the test process.

Test of web applications
It is often beneficial to have web applications tested. In our experience, web applications contain many potential security breaches and we have accumulated a particular expertise in the area.

Test of IP telephony solutions
For companies that have implemented IP telephony we can offer to test the security of your IP telephony solutions. With the help of StaySolid™ we can relatively easily expose any security issues that may exist and put forward concrete recommendations as to how you can deal with them.
In our experience it is worthwhile having IP telephony solutions tested. On several occasions we have discovered serious security breaches in existing IP telephony solutions, which are primarily caused by configuration errors or passwords that are too simple.

A thorough test methodology
When we test to see if we can break into your IT systems, we use three basic methods.
Level 1
At level 1 we test by means of a number of automatic tools, where we subsequently check for false positives through manual verification. We have a thorough understanding of how to best utilise the market's leading scanning tools and, thanks to our extensive experience, how to get the optimum results from these tools.
A test on level 1 is ideal for companies that wish to know whether their IT systems are vulnerable to simple, coincidental attacks from worms or amateur hackers.
Level 2
At level 2 we carry out in-depth manual tests in which we utilise our own advanced analytical methods and comprehensive vulnerability databases, which are among the most frequently updated in the world. Our creativity and detailed understanding of vulnerabilities ensure that a particularly thorough test of your systems is carried out. The test also includes a Denial of Service (DoS) attack during a timeframe that has been agreed in advance.
A test at level 2 is ideal for companies that wish to know whether their IT systems are vulnerable to targeted attacks from skilled hackers.
Level 3
At level 3 we carry out a test with insider knowledge as per agreement. A level 3 test will often include a test of your web applications following login with a username and password. Another typical test is a review of your firewall protocols in order to ascertain whether such insider knowledge can be used to find loopholes in your firewall security. At this level we exploit our extensive experience to make sure that we always remain one step ahead.
A test at level 3 is ideal for companies that wish to know whether their IT systems are vulnerable to targeted attacks from industrial spies and skilled hackers with insider knowledge.

| Security levels | Test methods | Test results |
| --- | --- | --- |
| The IT systems can cope with: | We test with: | You will receive a response as to whether penetration is possible by: |
| Level 1: Simple, coincidental attacks | Automatic tools | Worms, viruses and amateur hackers |
| Level 2: Targeted attacks | Tools and manual tests | Tools and manual tests |
| Level 3: Targeted attacks with insider knowledge | Further tests and analyses | Industrial spies, customers, business partners, former IT employees and highly skilled hackers |

A test at level 2 always includes a test at level 1, whilst a test at level 3 always includes a test at levels 1 and 2.

Do-it-yourself tools
If you wish to test your IT systems yourself on an ongoing basis - e.g. as a supplement to StaySolid™ - you have the option of purchasing some of the automatic scanning tools that we use ourselves when testing. Our toolbox includes advanced vulnerability and web-scanning tools.

The purpose of StaySolid™
- Possibility of sealing security leaks in the systems.
- Documentation of security level to the management or a third party.
- Approval of services supplied by external suppliers, e.g. web applications, or outsourcing partners.