For any new application or system, it is far better to include security considerations during key points of the project lifecycle - primarily to ensure that appropriate security controls have been included in the design from the outset, and to also avoid costly and inconvenient retro-fitting of security controls after the system has gone into production. When we are engaged in security testing for our clients, we invariably discover issues that could have been avoided had the proper checks been in place earlier in the project lifecycle.
Securus Global provides a suite of project services that are geared towards facilitating successful delivery of a secure system. We will work alongside your project and IT delivery staff and provide the necessary checks and expertise along the way.
Our project security services include
This important first step puts the system or application in context from a business perspective, so that important decisions can be made during the design phase about the level of security required. This assessment will typically occur at the 'requirements' phase of the project and will involve the key business stakeholders or information owners. The output will be a rating of the business impact, should there be a compromise of the confidentiality, integrity or availability of the system or its data.
Whether new technology, hardware, software, application or critical infrastructure, Securus Global can provide you with a thorough review or advice in how to progress forward with a more robust security design. Much of what we test are bespoke reviews covering more than one component for security testing, a variety of platforms and technologies or innovative new technologies. If you have a complex or unique requirement we can also tailor a solution that covers specific requirements and constraints.
Examples of security risk assessments commonly undertaken include:
This assessment will typically occur after the 'design' phase of the project and will review the proposed security controls that will protect the system and its data. The main activities will include:
The TRA process can also be used as a useful tool to measure, in advance, the level of compliance to company and/or industry security standards (e.g. PCI DSS).
Vulnerability and Penetration Testing
This final crucial step will determine whether the agreed security controls have been implemented correctly. These security testing services have earned Securus Global a reputation as leaders in the industry. Refer to the specific service descriptions for more information on these services.