Technical Assurance


Understand your organisation's technical vulnerabilities.

Technical assurance is a broader collection of processes that can be used to identify and mitigate security weaknesses in a system or environment outside of traditional penetration testing.

It complements direct penetration testing and exploitation by providing broader coverage across the entire lifecycle of a system: from the initial architecture, through the mechanisms used to develop and deploy the system, to compliance with requirements from both local security policies and industry standards, and ongoing validation of the security state.


Architecture Review

The specific approach will depend on the scope of the assessment and the objectives of the organisation, but will generally require close interaction with the client and a detailed understanding of the business goals.


Build Review

This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s intended use of the system.

The exact process depends on the system or component being assessed, the environment in which it is to operate, and the organisation’s appetite for technical risk.


Firewall Rule Audit

This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s business model and typical Internet use.

The exact process depends on the network and device being assessed, the environment in which it is to operate, and the types of network activity generally permitted.


Incident Response Preparedness

Preparation is the most important stage of the incident response process, and is also the most commonly overlooked. Establishing and testing incident response processes before an incident happens significantly increases the likelihood of an organisation being able to respond in a timely and effective manner. Having these processes in place can also demonstrate that the organisation is taking a proactive approach towards security, and is required by a number of standards such as PCI DSS and ISO 27001.


Risk Assessment

The specific approach taken will depend on the organisation and any specific requirements that it may have. However, a typical risk assessment will include several common components and align to industry good practice standards such as ISO 27005 (“Guidance on managing information security risks”).
