- Secure Wireless Networks
- IT Risk Management
- Information Security Audit
- Information Security Policies, Procedures and Standards implementation
- Incident response
- Security Awareness Program
- Network perimeter vulnerability assessment
- Penetration testing
Every company which considers Wireless Network deployment asks the following questions:
- Is the choosen wireless solution secure?
- What are the business risks of wireless implementation?
Upon request, we will provide customised wireless security training programs.
IT Risk Management
IT Risk Management helps minimize business risks of information disclosure, services unavalability or information assets modification. Current international and Russian Risk Management methodologies and tools are difficult to use in large enterprises. Also, the result of such tools can rarely convince Top Management for additional information security spendings.
We took into consideration these shortcamings while developing our own Risk Management solution, which is based on Carnegie Mellon University “Managing Information Security Risks: The OCTAVE Approach” guidelines and the only international Risk Management Standard “AS/NZS 4360:1999”.
Our Risk Management methodology is used in several large Russian enterprises.
Information Security Audit
This service provides a comprehensive review of your enterprise's security posture. The duration of the audit is dependent on the complexity and geographic distribution of your locations. The following is a comprehensive list of what the audit covers
- Administrative Security Review;
- Host configuration Security Review;
- User Access profile assessment;
- Physical Security Review;
- Policy & Procedure Review;
- Network Topology Security Review;
- BCP/DRP Review.
- Complete information security posture;
- Description of findings, impact and recommendations;
- We are helping with recommendations deployment.
Implementing the right information security policies and procedures can make the difference between unsecured mission-critical information assets and a secure, business-friendly collaborative environment. The purpose of information security is to protect an organisation's valuable information resources.
Kerberus ensures the selection and application of appropriate safeguards to help protect your physical and financial resources, reputation, legal position, employees and other tangible and intangible assets. While working for our clients we gained unique experience in the following Policies, Procedures and Standards implementation:
- Data Classification;
- Risk Management;
- Security configuration standards for various systems;
- Corporate Information Security framework, including, but not limited to:
- Passwords policy and procedures;
- Access control policy and procedures;
- Anti-virus policy and procedures;
- Information systems audit policy and procedures;
- Internet policy and procedures;
- E-mail policy and procedures;
- Incident response policy and procedures;
- Monitoring policy and procedures;
- Remote access policy and procedures;
- Physical security policy and procedures;
- Encryption policy and procedures;
- Personell policy and procedures;
- Change management policy and procedures;
- Network security policy and procedures;
- Acceptable use policy and procedures;
- Backup policy and procedures;
- Third parties access and services policy and procedures;
- Use of computer equipment from outisde of company premises policy and procedures.
In the event of a serious security breach, Kerberus offers incident response coverage in 24 hours. No matter where your business is located, a Kerberus incident response team can be there fast, with highly skilled and experienced security analysts who hit the ground running in any systems environment. They will move quickly to recognize and stop the spread of the breach. Once the breach has been contained, they will salvage as much data as possible to assist in forensics investigation or prosecution of the intruder(s).
Security Awareness Program
Security Awareness Program is one of the key elements in organization's information security. Security Awareness Program provides regular employees' training on corporate information security policies, procedures, standards and current information security legislation.
Network perimeter vulnerability assessment
Many organizations are continually updating systems, granting access to users, and installing new, increasingly complex applications and services. Most new network modifications increase infrastructure complexity-and complexity is the enemy of security. Many global enterprises find it difficult to keep up with the constantly changing array of vendor and IT exploits.
Our services allows customers with large distributed networks to consolidate management of vulnerability scanning. Network perimeter vulnerability assessment establishes and maintains an asset inventory, and identifies the most critical vulnerabilities impacting an enterprise's ability to protect those assets.External scans can be delivered on demand, or in weekly and monthly intervals.
Our approach to penetration testing differs from many other security companies. We employ a dedicated Penetration Test team who use human intelligence and experience to carry out our tests and don't rely on automated tools.
Companies install and configure all kinds of security technologies, such as firewalls, network- and host-based intrusion detection systems and virtual private networks. They all contribute to what looks like a complete and integrated security set-up. The objective, of course, is to safeguard applications and data against the threat of a hacker attack. But does it work? Automated scanning tools or standard testing procedures can help validate the efficiency of these security measures. But the only real test is an attempted attack by a hacker.
The difference is you receive:
- A conscience report that provides a prioritised list of security issues;
- The security issues have been hand checked to ensure that you are actually vulnerable;
- Full recommendations on how to resolve the highlighted issues are provided.