ISO/IEC 27001 - Information Security Management System

Information is critical to the operation and perhaps even the survival of your organization. Being certified to ISO/IEC 27001 will help you to manage and protect your valuable information ../assets.

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

This helps you to protect your information ../assets and give confidence to any interested parties, especially your customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.

Establisment of the ISMS is concluded by the key controls on following security sections:

  • - Security Policy
  • - Organisation of Information Security
  • - Asset Managemet
  • - Human Resources Security
  • - Physical and Environmental Security
  • - Communications and Operations Management
  • - Access Control
  • - Information Systems Acqusitions, Development and Maintenance
  • - Information Security Incident Management
  • - Business Continuity Management
  • - Compliance

ISMS consultancy service will provide high level support, prevent unnecessary investments and establishment of ISMS in a short tme period.

PCI DSS Compliance

Maturity of the compliance to PCI DSS will be assesed by experienced professionals and, technical gaps in following main requirements will be eliminated and related risks will be mitigated in timely manner:

  • - Build and Maintain a Secure Network
  • - Protect Cardholder Data
  • - Maintain a Vulnerability Management Program
  • - Implement Strong Access Control Measures
  • - Regularly Monitor and Test Networks
  • - Maintain an Information Security Policy

COBIT Compliance

COBIT is a comprehensive framework for IT best practices. It is a well-defined framework of interest and relevance to all IT stake holders. This consultancy service is provided by consultants who have extensive experience in the areas of Information Systems Audit, Information Controls, Information Security.

DoS/DDoS Testing and Analysis

DDoS/DDoS is the most popular attack in internet infrastructure. Dozen of well-known internet sites or services became a victim of different size of such flood attack. This service simulates and performs such attacks and draw a picture of your infrastructure against DoS/DDoS attacks proactively.

Stress and Load Tests

Stress and Load tests determine the ability of infrastructure, system or application to perform while under load. The aim is to stress or load an aspect of the system to the point of failure and being to determine weak points in the system architecture. The result of the tests provides proactive actions you should take in the architectural design of your infrastructure, system or application.

Network and Infrastructure Security

The servers, personal computers, terminals and basic network devices located in your company establish your network backbone. The most valuable data, within your company, either stored or transported through this backbone.

The tests to be performed will determine possible security weaknesses and the risk of attacker to access where and what kind of data in case of an intrusion.

UNIX / Linux System Security

The security hardenings, implemented on your Unix / Linux systems, will be mitigating the possible risks arised from the targeted attacks to these systems.

Penetration Testing

Penetrations tests, performed against systems and processes, give ability to determine possible threats, security weaknesses, and vulnerabilities. Through the projection of the test results, you resolve the vulnerabilities, take actions to prevent reoccurrance of the vulnerability and maintain policies.

It is highly recommended to perform penetration tests at least two times a year.

Penetration tests are performed within the following areas:

  • - Web Application Tests
  • - DNS Service Tests
  • - E-Mail Service Tests
  • - Wireless Network Penetration Tests
  • - Mobile Devices Security Tests
  • - ATM Penetration Tests
  • - Internal Network Penetration Tests
  • - Social Engineering Tests
  • - General Security Tests Regardig Servers and Services
  • - Network and Communication Devices Security Tests and Assessments
  • - Firewall and IDS/IPS Devices Security Tests and Assessments
  • - Virtualization Environment Security Tests
  • - Domain and PC Security Tests
  • - Database Security Tests and Assessments
  • - DoS/DDoS and Load Tests

Web Application Security Tests

Your compaby website and the web application you served are the window to the world. On the other hand, these are the potential intrusion point for an attacker. Web application security tests performed on your applications will allow you to determine the stability or the weaknesses of the applications against attacks.

Web application security tests, to be performed on, are based on the Open Web Application Security Project (OWASP) testing methodologies. Effective recommendations for risk mitigation will be reported as a result of the security tests.

Cloud Computing Security Services

Serving on the cloud has become a value for institutions as a result of the developping technologies and services served. Cloud computing, the developing new technology, brings new risks that may occur. Provided cloud seurity services will help you to identify and mitigate the risks to be faced, in this area.

Mobile Application Security Testing

As well as simplifying the daily life, mobile applications carries unexperienced new risks due to accessibility requirements. These potential risks emphasize the importance of security tests in mobile application era. Mobile application security tests, performed by experienced professionals, will ensure the protection of corporate data and mitigate security risks tah may occur.

Vendor Security Reviews

According to the requirement of "Communique on Principles to be Considered in Information Systems Management in Banks", published by BDDK, all banks become responsible for reviewing both their own and vendors' informations systems. Secrove provides services to perform vendor security reviews by experienced professionals.

Incident Management Computer Forensics and Examinations

Volume of the cyber crimes increase due to more business processes to be carried out on information systems. Fraud, cyber terrorism, theft of data on such incidents are frequently encountered in information systems. In order to clarify the incidents, taking placed on information systems, evidences must be collected and analyzed in a technological and scientific manner without intact. Secrove provides emergency response, incident management forensic analysis services by experienced professionals with technology equipments.

Business Impact Analysis and Risk Mangement Services

Business impact analysis helps determination of critical business processes within the organization and prioritization according to the effect on business model and determination of business continuity steps. Additionally, information security threats and the risks caused by, business activities, assets, external sources must be indentified, classified, prioritized, mitigated or managed. therefore the business continuity is ensured. Secrove provides professional services to support identifying and managing risks within the business processes.