In the control of Information Security Systems, just as in any other process subjected to the objectives of the company, it becomes necessary to control the activity by applying methodologies that would permit comparing the real outcome of the process to the original plan, so as to detect and immediately correct any deviation from it.

This information comprises a solid and highly advisable base for the making of the most appropriate decisions in view of each particular situation.

1. Penetration Test, External and internal.

The applied methodology considers all the potential situations to which the security components might be exposed during an intrusion or an internal or external attack, always operating in a real environment.

The activities are carried out in a controlled environment, which prevents affecting the productions systems, but at the same time guarantees to obtain absolutely real results.

This methodology works on two different fields:

External:We simulate an external intruder, using the mediums of communication of the installation towards the exterior.

Internal: We simulate an internal intruder, that is to say, an employee of the company with different access levels and the resources normally available.

The outstanding result of these procedures is to have precise and objective information about the existent security weaknesses and their possible exploitation by intruders, and on this basis, develop different solution proposals to successfully face this potential attacks.

2. Technological Risk Analysis.

An appropriate risk analysis is the essential basis to the development of data security policies and norms that will totally and successfully fulfill our objectives in the different Security Fields.

On the other hand, this procedure is highly useful and reliable as a control tool applied periodically, because it allows to detect potential flaws or weaknesses that are constantly generated by changes in the field of operating and applying systems, as well as technological advances.

The procedure applied by CYBSEC S.A aims at a team work with the experts of the company for the identification and classification of your computer assets to develop, on those basis, impact matrices and occurrence probabilities. Finally, on this matrices, we develop the matrices for installation risks.

This procedure provides us with reliable data to define the action priority scale and the allocation of resources meant to protect your computer assets according to their degree of exposition to any kind of hazard.

3. Functional Audit of Security.

This service consists mainly in carrying out a systematic analysis of profiles and permits which are assigned to users to access the applications, data base and files, evaluating if these meet the security norms and procedures currently applied.

The outstanding utility of this service is that it allows to maintain in a minimum level security disruptions and deterioration that arise from the constant changes in profiles and authorizations.

Using valid user profiles, CYBSEC S.A. experts verify that these have access exclusively and only to applications and data to which they are authorized. Each level of access permits an adequate use of information and the required functionality, and evaluates the structure of the authorization levels as a necessary and essential component for a safe management of information.

Our reports show the obtained results and propose what changes should take place to correct the detected problems.

4. Evaluation of Web Applications.

The massive use of web applications has shown its efficiency in the corporate field as well as in the institutional field and it should be stressed that a high security level is a necessary condition when handling data, no matter if it is yours or someone else's data.

Achieving an effective web application protection scheme has become an outstanding objective in the management of information security.

The procedure applied by CYBSEC S.A. expects to carry out revisions and evaluations of web application security (Extra-nets, Home-Banking systems, E-Commerce, etc) using the latest security techniques and methodologies.

The evaluations take are carried out in two different scenarios:

External:we carry out the evaluation through the external mediums of communication, mainly Internet. In this way we can identify the vulnerabilities and security weaknesses of the application.

Internal:we carry out the evaluation using a valid username and password. In this way we can detect existent security gaps in the operating systems as well as in the application systems.

As a result of this service, we can expose a detailed report of the flaws and security gaps of the applications, along with the solutions that will solve the different problems.

5. GAP Analysis

The decision to align a company or institution with international norms as far as information security is concerned requires an evaluation to determine very precisely the gap between the current situation and the situation previously stated as an objective.

CYBSEC S.A. carries out GAP Analysis at a documentary level (Process documentation, policies, norms, standards, guides, etc) and at a technical level (net security, platforms and applications), in both cases according to the international standard that the company chooses to implement (ISO 17799, 27001, Sarbanes Oxley, Basilea II, etc).

The procedure is oriented to determine the size of the disruption in the different components under analysis and, based on this information, determine the activities, resources and reasonable terms to reach the previously stated objectives.

6. LOG Management

Having an elaborate tracing function is an essential component in the investigation and resolution of any kind of incident related to information security. To this end, CYBSEC S.A. has the necessary abilities to define, develop and put into action a LOGS Policy, configuring all net devices, operation systems, data basis and applications to centralize the LOGS to finally be able to store, analyze and monitor them.

The methodology developed by CYBSEC S.A. starts from the analysis of the characteristics and distinctive features of the computer platform, to design and implement a LOGS management system using LOG Servers, configuring net devices, operation systems, data basis and applications to centralize LOGS and be able, finally, to analyze and monitor them.

This activity provides us with a systematic and reliable register of the activities that are carried out in the various system components and the data that they hold.

7. Wireless Infrastructure Analysis.

The intensive use of wireless communication makes security an essential part of your communication system, in its design as well as in its operation. Once we have achieved this, security maintenance must be a basic and unforgettable part of the routine of your company.

The services that CYBSEC S.A provide include the recollection of the requirements of net access and the services applied to that end, with which is possible to define the infrastructure of functional and communication support.

Based on this information, it will be determined the most efficient alternative to design a secure functional scheme that will include wireless net designs, Access Point security configuration and also terminal configuration.

The outstanding result of this practice is that it provides us with significant advantages that, in some cases, represent having a secure wireless communication system, and at the same time we maintain a high security level that will not compromise the security of the information held in the installation.