SECURITY ASSURANCE
Be proactive
Prevent rather than respond.
It is a no-brainer that preventing a problem from ever occurring is far preferable to dealing with the outcome. The same principle applies to cyber security.
Through our Assurance service line, we help you identify the “holes” in your organization, products and corporate mentality, and we propose to you the best state-of-the-art unbiased solutions.
If you think that you have done everything correctly, let us verify this from the “hacker perspective”, before the real-world ones do.
Web / Desktop / Mobile Applications
Application Source Code Review
Is your application Secure? Give us a sec and we’ll let you know.
An in-depth analysis of your application’s code to identify security vulnerabilities, by using automated (SAST and DAST) and manual approaches.
OWASP ASVS Certification
Have you wished for an easy, quantifiable answer to the question, “How secure is your app?”
Audit & Delivery of OWASP Application Security Verification Standard certification on the level of your choice. Regardless of whether you are the one selling or buying the software, we can verify it for you.
OWASP OpenSAMM Certification
“Are you capable of delivering secure software?” Answer this cumbersome question with specific metrics. Neat, isn’t it?
We assess the security capabilities of your SDLC, and we help you achieve the targeted level according to the OWASP Software Assurance Maturity Model.
Security Plan / Requirements Development
Leave your security planning to the professionals.
Security roadmap and security requirements definitions, fine-grained for your project needs.
Threat Modeling
Set the security controls needed for your application, without overdoing it.
Early identification and enumeration of potential threats according to your application architecture and design.
Application Penetration Test
Let us try to hack your app or systems, and fix any potential problems, before the real criminals exploit them.
Our experienced team simulates a cyberattack on your systems, in order to evaluate their security level. The ultimate purpose being to identify any weaknesses and propose appropriate fixes.
IT Infrastructure
System Penetration Testing
Is your IT infrastructure safe?
Our consultants will leave no stone unturned looking for vulnerabilities in your infrastructure.
Technical Security Assessment for identification and exploitation of vulnerabilities across networks and services in your infrastructure.
VoIP, Wi-Fi Penetration Testing
We make sure that no one is listening to your calls, and that you don’t unwillingly “share” your Wi-Fi with your “neighbours”.
Technical Security Assessment and exploitation for your Wi-Fi network(s), and/or VoIP installations.
Vulnerability Assessment
We can find the ‘cracks’ in your IT infrastructure and patch them, before they bring the whole structure tumbling down.
Vulnerability Identification for your IT infrastructure including systems, networks, services etc.
Honeypots
Call our consultants to set up cunning traps within your system so you can catch any unwanted visitors.
Security controls and mechanisms for early and accurate detection of adversaries acting against your infrastructure.
Compromise Assessment
You ask yourself “Have I been hacked?”, but you have no log management and no SIEM.
No worries… We can tell you either way.
A discovery on whether your organization has faced a security breach in the past, and a review on the current status of a potential intrusion and its implications.
Forensic Investigation
What you have seen on TV shows; the only difference is that ours is applicable in real courts of law.
Collect and gather cyber-crime relevant information sources, analyse and examine the content, conclude on the impact of a cyber security incident, and provide court-supporting digital evidence.
Red Teaming
You’ve built your walls, you’ve incorporated security controls, and most importantly you’ve trained your people. Now all that’s left is to test your defence mechanisms by simulating a real-life attack.
Can your Blue Team beat our Red Team?
We assemble a team of elite cyber security consultants to perform a full scope, multi-layered attack simulation to evaluate how well an organisation’s networks, applications, physical security controls, and its people can withstand a coordinated attack in a real-life situation. We employ APTs, targeted to your infrastructure. Our goal is to get access to your most critical information, without you even knowing it.
White Box RT
We won’t stop until we break you!
Instead of the traditional sniper approach of an RT engagement, the white box approach tries to overcome all your security controls in every way possible.
OT Infrastructure
Server OS Assessment
TwelveSec, keeping your “robots” loyal since 2012.
Security Assessment of your OT device operating system.
Control Applications Assessment
We keep your monitoring & supervising equipment healthy, so you in turn can safely monitor the health of your operations.
Security Assessment of the Industrial Control applications.
PLC / RTU Assessment
PLC or RTU: a debate as old as vanilla or chocolate!
Wherever you stand on this debate, there is one thing you can be certain of: either way, our consultants will keep your automation processes safe.
Security Assessment of automation devices and interfaces.
IoT security
OS Hardening
Enhance the security of your IoT device.
Avoid the damaging headlines if something goes bad.
Enhancing the security configuration of your workstations and/or critical systems. Compliance with PCI-DSS and other international InfoSec standards.
OS Security Review
Enhance the security of your IoT device. It is less of a hassle than answering questions for the press if something goes south.
Assessing and auditing the operating system’s security status and exposure.
Architecture Review
Be proactive, call us to evaluate your architecture.
Why solve problems when you can avoid them altogether?
High level assessment of the overall security posture of your IoT installation and setup.
SECURITY MANAGEMENT
A one stop solution for security
Complete security solutions for the organisation’s management. Our team of experts can assess, review, or even design your entire security management system from scratch, based on best industry practices and drawing on our own significant experience implementing numerous information security management projects globally.
TwelveSec helps your organisation to meet regional or international information security compliance laws, standards, and regulations, including but not limited to ISO 27001, GDPR, PCI, and PCI PA-DSS.
Ensure your company is compliant with information security best practices and all the latest regulations
Risk Assessment
What might happen when things go bad.
Early identification of potential risks affecting your assets.
Gap Analysis
Wait! You need to do this as well to get verified.
Analysing what is missing for you to achieve industry standards such as ISO-27001 and PCI-DSS.
Business Impact Assessment
What will it cost you when things go bad.
A holistic process to address effects on business functions upon a security breach.
QMS / HR Security Hooks Implementation
We make sure that your departing personnel leave only with their personal items.
Design and Implementation of Quality / HR Management Systems for quality and security.
Data Classification
An orderly house is a safe house.
Organising your data for retrieval, management and security purposes. A required step before implementing a Data Leakage Prevention (DLP) solution.
ISMS Development and Implementation
We deliver a finished solution; one less headache for an overworked CISO.
Information Security Management System design and development according to your organisation’s needs.
GDPR Consulting
What you need to do if you do business in the EU, or with EU citizens, and you don’t like lawsuits.
Let our consultants help you out.
Advisory on EU General Data Protection Regulation 2016/679.
Preparation and pre-assessment
Get the certification of your dreams.
Consulting and advisory on the details required to achieve industry standards (e.g. ISO-27001, PCI-DSS etc.).
SECURITY TRAINING
We share our know-how
Training the staff of an organisation can stop a malicious user from gaining access to your systems. TwelveSec offers the following training programmes aiming to cover the personnel needs for every level of your organisation.
Always remember, your security is as strong as your weakest link.
Provide all your employees, including developers, administrators and security personnel, with the right training
Secure Software Design / Development
Instil security principles in developers.
Training for your architects, developers, and devops on producing secure software.
Security for IT
Keep your first line of defence up to date. Paint your team Blue.
Technical security training for your IT experts.
Incident Handling
DON’T PANIC! Just follow the instructions and all will be fine.
Hands-on training on developing and deploying a complete approach to handling any incident, in a structured and precise manner.
Digital Forensics Training / Workshop
CSI got nothing on us.
Hands-on training on how to identify forensic evidence in digital incidents.
Security for Everybody
And when we say everybody, we mean everybody… even Mary from Accounting.
Advisory and training for general awareness regarding security topics.
Malware Analysis
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu
Hands-on technical training on the tools, techniques and methodologies on how to analyse malware.
ISMS Implementation
DIY ISMS, learn how to do it.
Training on how to proceed and develop your own Information Security Management System.
Service Management System Implementation
Add compliance to your everyday lexicon.
Training on how to develop management systems for your services according to industry best practices.
Intrusion Detection
It has always been wise to build on solid foundations.
Hands-on training on creating a network environment that detects known, as well as unknown system and network threats.
Live Hacking Awareness
Seeing is believing! Our consultants present real life scenarios to increase awareness.
Security awareness training aiming to illustrate the impact of hacking on an individual or organisation. Showcase to your employees what will happen if those new policies are not enforced.
Penetration Testing Web/Mobile/IT
Because you can never know enough.
Technical training on ethical hacking. Offered in three Tiers (Beginner, Intermediate, Advanced).
TTX
Roleplaying!!! Sadly, not the one you are thinking…
A tabletop exercise, or TTX, is a role-playing activity in which players respond to scenarios presented by one or more facilitators. Players usually play their own role of Paladin, CEO, IT lead, or communications rep, but they can also play other roles to fill in gaps.
Actually role-playing a situation identifies gaps in your communication channels / capabilities and helps you plan improvements to your Incident Response process.