Non-Technical Security
Social engineering assessments and testing
Our social engineering services are designed to identify operational and procedural shortcomings that allow people, generally staff, to introduce vulnerabilities and exposures into information systems by way of their behaviour. The objective is not to penalise individuals but rather to identify the environmental causes of poor security which are frequently issues of awareness.
Site & facility security assessments
Our site/facility security assessments are designed to identify security weaknessess and exposures in physical sites and associated controls. Typically such reviews include an assessment of access control measures, security monitoring & CCTV and site procedures.
Supplier & partner security assessments
Security standards such as ISO27001 (as well as best practice), mandate that proper due care and due diligence have been followed when negotiating supplier and partnership contracts.
This not only involves ensuring that any technical system and connectivity security issues associated with connectivity have been properly identified and controlled as part of the audit process, but also that business requirements such as proper contracts and Service Level Agreements (SLAs) have been negotiated and implemented.
Digital Assurance assists organisations with ensuring that any partnership agreements are properly co-ordinated both technically and with respect to the business and that they comply with relevant standards.
Intrusion Detection System (IDS) testing
IDS testing is a means of evaluating the performance and effectivness of in-house or out-sourced intrusion detection systems by means of simulated network or system attack.
This type of testing often helps provide assurance that detection measures are effective and that incident handling and escalation communication paths are robust and functional.