Security Assessment

Stactt provides all types of Security Assessment and Consulting, helping our clients identify and analyze all possible security threats and organizational weaknesses. We use international standards, best practices and customer requirements to assess security vulnerabilities and risks. The objectives of each audit are customized for each client.

Our holistic approach ensures that the service deliverables include a list of vulnerabilities, along with the ways and paths of their exploitation, a risk assessment, suggestions on inadequate security controls, and recommendations on organizational and technical improvements that can be made to reduce security risks.

Business value of the Security Assessment services:

  • Reduced security-related business risks
  • Business owners and managers receive a real picture of what is going on
  • Enhanced effectiveness of infrastructure investment and management decisions
  • Improved business safety and controllability
  • Regulatory compliance is ensured

Stactt can also provide various related consulting services in addition to security audits.

Selected Stactt Security Assessment services:

  1. Risk Assessment and Risk Treatment.
    • Risk Assessment is the best way to optimize security expenses, especially for equipment and software that prevent unauthorized access, system outages, malware outbreaks, data leaks and other security incidents. Risk Assessment begins with the identification of security threats and considers threats directly related to technical vulnerabilities and to organizational deficiencies.
    • Risk Treatment is the next step in the risk management process. The development of risk treatment measures and the estimation of their budgets are outlined in the Risk Treatment Plan.
  2. Security Process Audits help prevent problems at an early stage by analysing the quality and effectiveness of a company’s processes and procedures, and/or assessing their compliance with internal or external (regulatory) requirements.
  3. Penetration Testing (pentest) is a recognized, effective method for checking and assessing the quality and security of information systems. It involves technical analysis of IT infrastructure, systems, applications or other targets for security vulnerabilities. Pentesting imitates the actions of cyber criminals to check the possibility of intercepting data, misusing systems, interrupting normal operations and other security threats. Please refer to the Penetration Testing section for more details.
    Our testing methodologies and standards are based on NIST SP 800-115, PTES, OWASP, EC-Council and CAPEC.
    The targets that we can test include: network perimeter and DMZ; wireless networks; web services and web applications; desktop and mobile applications; client-server systems; embedded systems and industrial IT objects.
  4. Security Testing of Source Code is an important part of both Security Assessment and the Secure Software Development Lifecycle, especially before software releases.
  5. Vulnerability Assessment is a cost-efficient way to control technical vulnerabilities in your infrastructure. Vulnerability scanning, verification, and analysis can be performed regularly or after significant changes only.