It has long been acknowledged that, for any new application or system, it is far better to include security considerations at key points of the project lifecycle - primarily to ensure that appropriate security controls have been included in the design from the outset, and also to avoid costly and inconvenient retrofitting of security controls after the system has gone into production. When we are engaged in security testing for our clients, we invariably discover issues that could have been avoided had the proper checks been in place earlier in the project lifecycle.
Securus Global provides a suite of project services that are geared towards facilitating successful delivery of a secure system. We will work alongside your project and IT delivery staff and provide the necessary checks and expertise along the way.
Our project security services include the following:
Business Impact Assessment (BIA)
This important first step puts the system or application in context from a business perspective, so that important decisions can be made during the design phase about the level of security required. This assessment will typically occur at the 'requirements' phase of the project and will involve the key business stakeholders or information owners. The output will be a rating of the business impact, should there be a compromise of the confidentiality, integrity or availability of the system or its data.
Technical Risk Assessment (TRA)
This assessment will typically occur after the 'design' phase of the project and will review the proposed security controls that will protect the system and its data. The main activities will include:
- Identify the threats that are relevant to the system.
- Assess the proposed security controls and how effective they are in protecting the system against compromise.
- Determine the residual risk rating based on the effectiveness of security controls and the potential business impact (identified through the BIA process described earlier).
- Provide recommendations on how to further reduce the overall risk level, where applicable.
The TRA process can also be used to measure, in advance, the level of compliance with company and/or industry security standards (e.g. PCI DSS).
Vulnerability and Penetration Testing
This final crucial step will determine whether the agreed security controls have been implemented correctly. These security testing services have earned Securus Global a reputation as leaders in the industry. Refer to the specific service descriptions for more information on these services.