Audits, security assessments, and risk analyses
Performance of external or internal audit activities according to the standards of ISO, NIST, or Czech legislation. We use conventional audit methods and procedures, but also unconventional ways of meeting the objectives of the fact-finding activities, always with the aim of improving the client’s safety level. Penetration testing methods may be used in audit assessment activities.
Penetration testing is one of our core activities. We perform black box and white box testing of technologies, systems, processes, and human factors safety. Our scenarios are not generic as they are always based on knowledge of asset value, understanding of vulnerabilities, threats, and risks. In cybersecurity, our penetration tests are fully aligned with NÚKIB (National Cyber and Information Security Agency) methodologies.
Security policies and strategies, concepts for managing the operation of information or security infrastructure
Creation of strategic documents and processes, their revision and implementation, life cycle management of strategies and policies. We help our partners maintain consistency of vision, strategy, and implementation documents not only on a one-off basis, but particularly on an ongoing basis.
A Red Team is a dynamically assembled team of IT and other offensive cybersecurity experts whose goal is to simulate or execute a cyberattack using the most effective tactics and techniques, including the initially intelligence or combat ones.
The Red Team will validate the possibility of potential intruders gaining remote or local access to the IT or OT infrastructure. It also verifies the organization’s ability to detect cyber attacks properly and respond to them in a right way, including adherence to established internal policies and processes. In specific cases, the Red Team can conduct penetration and attacking directly.
The Red Team operates from the scratch without detailed information about the entity being tested or attacked, and it has only legal limits in order to achieve its goal. When it comes to testing, the staff responsible for operations and defence are not informed about the performed tests.
We also deliver a special management course for Red Team leaders or commanders.