SECURITY ASSURANCE

Be proactive

Prevent rather than respond.

It is a no-brainer that preventing a problem from ever occurring is far preferable to dealing with the outcome. The same principle applies to cyber security.

Through our Assurance service line, we help you identify the “holes” in your organization, products and corporate mentality, and we propose the best state-of-the-art, unbiased solutions.

If you think that you have done everything correctly, let us verify this from the “hacker perspective” before the real-world ones do.

Web / Desktop / Mobile Applications

Application Source Code Review

Is your application Secure? Give us a sec and we’ll let you know.

An in-depth analysis of your application’s code to identify security vulnerabilities, by using automated (SAST and DAST) and manual approaches.

OWASP ASVS Certification

Have you wished for an easy, quantifiable answer to the question, “How secure is your app?”

Audit & Delivery of OWASP Application Security Verification Standard certification on the level of your choice. Regardless of whether you are the one selling or buying the software, we can verify it for you.

OWASP OpenSAMM Certification

“Are you capable of delivering secure software?” Answer this cumbersome question with specific metrics. Neat, isn’t it?

We assess the security capabilities of your SDLC, and we help you achieve the targeted level according to the OWASP Software Assurance Maturity Model.

Security Plan / Requirements Development

Leave your security planning to the professionals.

A security roadmap and security requirements definitions, fine-grained for your project's needs.

Threat Modeling

Set the security controls needed for your application, without overdoing it.

Early identification and enumeration of potential threats according to your application architecture and design.

Application Penetration Test

Let us try to hack your app or systems, and fix any potential problems, before the real criminals exploit them.

Our experienced team simulates a cyberattack on your systems in order to evaluate their security level. The ultimate purpose is to identify any weaknesses and propose appropriate fixes.

IT Infrastructure

System Penetration Testing

Is your IT infrastructure safe?
Our consultants will leave no stone unturned looking for vulnerabilities in your infrastructure.

Technical Security Assessment for identification and exploitation of vulnerabilities across networks and services in your infrastructure.

VoIP, Wi-Fi Penetration Testing

We make sure that no one is listening to your calls, and that you don’t unwillingly “share” your Wi-Fi with your “neighbours”.

Technical Security Assessment and exploitation for your Wi-Fi network(s) and/or VoIP installations.

Vulnerability Assessment

We can find the ‘cracks’ in your IT infrastructure and patch them, before they bring the whole structure tumbling down.

Vulnerability Identification for your IT infrastructure including systems, networks, services etc.

Honeypots

Call our consultants to set up cunning traps within your system so you can catch any unwanted visitors.

Security controls and mechanisms for early and accurate detection of adversaries acting against your infrastructure.

Compromise Assessment

You ask yourself “Have I been hacked?”, but you have no log management and no SIEM.
No worries… 
We can tell you either way.

Discovery of whether your organization has faced a security breach in the past, and a review of the current status of a potential intrusion and its implications.

Forensic Investigation

What you have seen on TV shows; the only difference is that ours is applicable in real courts of law.

Collect and gather cyber-crime relevant information sources, analyse and examine the content, conclude on the impact of a cyber security incident, and provide court-supporting digital evidence.

Red Teaming

You’ve built your walls, you’ve incorporated security controls, and most importantly you’ve trained your people. Now all that’s left is to test your defence mechanisms by simulating a real-life attack.
Can your Blue Team beat our Red Team?

We assemble a team of elite cyber security consultants to perform a full-scope, multi-layered attack simulation to evaluate how well an organisation’s networks, applications, physical security controls, and its people can withstand a coordinated attack in a real-life situation. We employ APTs, targeted at your infrastructure. Our goal is to get access to your most critical information, without you even knowing it.

White Box RT

We won’t stop until we break you!

Instead of the traditional sniper approach of an RT engagement, the white box approach tries to overcome all your security controls in every way possible.

OT Infrastructure

Server OS Assessment

TwelveSec, keeping your “robots” loyal since 2012.

Security Assessment of your OT device operating system.

Control Applications Assessment

We keep your monitoring & supervising equipment healthy, so you in turn can safely monitor the health of your operations.

Security Assessment of the Industrial Control applications.

PLC / RTU Assessment

PLC or RTU: a debate as old as vanilla or chocolate!
Wherever you stand on this debate, there is one thing you can be certain of: either way, our consultants will keep your automation processes safe.

Security Assessment of automation devices and interfaces.

IoT security

OS Hardening

Enhance the security of your IoT device.
Avoid the damaging headlines if something goes bad.

Enhancing the security configuration of your workstations and/or critical systems. Compliance with PCI-DSS and other international InfoSec standards.

OS Security Review

Enhance the security of your IoT device. It is less of a hassle than answering questions for the press if something goes south.

Assessing and auditing the operating system’s security status and exposure.

Architecture Review

Be proactive, call us to evaluate your architecture.
Why solve problems when you can avoid them altogether?

High-level assessment of the overall security posture of your IoT installation and setup.

SECURITY MANAGEMENT

A one stop solution for security

Complete security solutions for the organisation’s management. Our team of experts can assess, review, or even design your entire security management system from scratch, based on best industry practices and drawing on our own significant experience implementing numerous information security management projects globally.

TwelveSec helps your organisation to meet regional or international information security compliance laws, standards, and regulations, including but not limited to ISO 27001, GDPR, PCI, and PCI PA-DSS.

Ensure your company is compliant with information security best practices and all the latest regulations

Risk Assessment

What might happen when things go bad.

Early identification of potential risks affecting your assets.

Gap Analysis

Wait! You need to do this as well to get verified.

Analysing what is missing for you to achieve industry standards such as ISO-27001 and PCI-DSS.

Business Impact Assessment

What it will cost you when things go bad.

A holistic process to address effects on business functions upon a security breach.

QMS / HR Security Hooks Implementation

We make sure that your departing personnel leave only with their personal items.

Design and Implementation of Quality / HR Management Systems for quality and security.

Data Classification

An orderly house is a safe house.

Organising your data for retrieval, management and security purposes. A required step before implementing a Data Leakage Prevention (DLP) solution.

ISMS Development and Implementation

We deliver a finished solution; one less headache for an overworked CISO.

Information Security Management System design and development according to your organisation’s needs.

GDPR Consulting

What you need to do if you do business in the EU, or with EU citizens, and you don’t like lawsuits.
Let our consultants help you out.

Advisory on EU General Data Protection Regulation 2016/679.

Preparation and pre-assessment

Get the certification of your dreams.

Consulting and advisory on the details required to achieve industry standards (e.g. ISO-27001, PCI-DSS).

SECURITY TRAINING

We share our know-how

Training the staff of an organisation can stop a malicious user from gaining access to your systems. TwelveSec offers the following training programmes, which aim to cover personnel needs at every level of your organisation.

Always remember, your security is only as strong as your weakest link.

Provide all your employees, including developers, administrators and security personnel, with the right training

Secure Software Design / Development

Instil security principles in developers.

Training for your architects, developers, and DevOps on producing secure software.

Security for IT

Keep your first line of defence up to date. Paint your team Blue.

Technical security training for your IT experts.

Incident Handling

DON’T PANIC! Just follow the instructions and all will be fine.

Hands-on training on developing and deploying a complete approach to handling any incident, in a structured and precise manner.

Digital Forensics Training / Workshop

CSI got nothing on us.

Hands-on training on how to identify forensic evidence in digital incidents.

Security for Everybody

And when we say everybody, we mean everybody… even Mary from Accounting.

Advisory and training for general awareness regarding security topics.

Malware Analysis

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu

Hands-on technical training on the tools, techniques and methodologies for analysing malware.

ISMS Implementation

DIY ISMS, learn how to do it.

Training on how to proceed and develop your own Information Security Management System.

Service Management System Implementation

Add compliance to your everyday lexicon.

Training on how to develop management systems for your services according to industry best practices.

Intrusion Detection

It has always been wise to build on solid foundations.

Hands-on training on creating a network environment that detects known, as well as unknown system and network threats.

Live Hacking Awareness

Seeing is believing! Our consultants present real life scenarios to increase awareness.

Security awareness training aiming to illustrate the impact of hacking on an individual or organisation. Showcase to your employees what will happen if those new policies are not enforced.

Penetration Testing Web/Mobile/IT

Because you can never know enough.

Technical training on ethical hacking. Offered in three Tiers (Beginner, Intermediate, Advanced).

TTX

Roleplaying!!! Sadly, not the one you are thinking…

A tabletop exercise, or TTX, is a role-playing activity in which players respond to scenarios presented by one or more facilitators. Players usually play their own role of Paladin, CEO, IT lead, or communications rep, but they can also play other roles to fill in gaps.

Actually role-playing a situation identifies gaps in your communication channels / capabilities and helps you plan improvements to your Incident Response process.