Consulting

BOSS (Business Oriented Security Services): consulting to make feasible the business evolution with adequacy of the security and compliance structure, strategic analysis and security tactics in the business processes, aid in the integration of IT processes and resources with business goals, development of security processes with the market and partners pursuing strengthening of image, consulting for investment prioritization based on risk management and minimization of compliance requirements.

GRC (Governance, Risks and Compliance): audit, compliance analysis, adequacy and certification on the main standards and regulations (ISO 27001, ISO 20000, COBIT, Sarbanes-Oxley, PCI DSS), creation of the security directive plan, corporate governance, risk management, preparation of the business continuance plan, development of processes and policies.

Security Assessment and Control Implementation: analysis of vulnerabilities and risks, system homologation based on ISO 15408, revision of the application source code, intrusion tests (penetration testing), social engineering, physical security analysis, hardening and security baselines for applications, servers, workstations and network.

Incident Response and Forensic Analysis: proper isolation of the affected structure, identification of the extent of the incident, gathering and analysis of forensic evidences, preparation of the expert examination report, everything aimed at identifying any vectors of attack and recovering IT environments after security incidents.

Training and Awareness: customized in-company and out-of-company training courses, sensitization campaigns, training in the best practices of safe development, speeches and seminars, campaign for awareness in compliance and standards, professional certification.