This is an old revision of the document!
Security compliance services
Review, Consultancy and Compliance services for the following standards.
Compliance to : NIST
Compliance to : ISO 27001
Compliance to : ISO 17799
Compliance to : ISO 27002
Compliance to : BS 7799
ISO/IEC 15408 Common Criteria
IEC 62443 : This cybersecurity standard defines processes, techniques and requirements for Industrial Automation and Control Systems (IACS)
Testing for : OWASP Top 10 Vulnerabilites
Compliance to : ISO/SAE 21434 : This is a cybersecurity standard jointly developed by ISO and SAE working groups. It proposes cybersecurity measures for the development lifecycle of road vehicles.
Checking for : CWE Top 25 Most Dangerous Software Errors
Compliance to : General Data Protection Regulation (GDPR)
ETSI EN 303 645 : This standard provides a set of baseline requirements for security in consumer Internet of things (IoT) devices.
Compliance to : NERC. The most common is NERC 1300, which is a modification/update of NERC 1200. The newest version of NERC 1300 is called CIP-002-3 through CIP-009-3 (CIP=Critical Infrastructure Protection). These standards are used to secure bulk electric systems although NERC has created standards within other areas.
Certifications of our consultants :
Certified Ethical Hacker (CEH)
Consultants for ISO 27001 certification.
Offensive Security Certified Professional (OSCP)
Common testing report deliverables include :
Overall Summary
Assessment Methodology
Type of Tests done Blackbox and Whitebox
Risk Level Classifications checked
Detailed Engagement Data
Scanning Results : Including root kit scans, virus scans, malware scans, and network scans.
Result Summary
Table of Findings
Detailed Findings. For each loophole found, the details can include
Severity and potential impact information related to the loophole.
CVSS score if available.
Issue Description
Proof of Concept
Suggested methods and actions to take to fix the loophole.