Consulting

Security Diagnosis
A technical study carried out by a Security Advisor in enterprises, buildings, condominiums, commercial premises, or property in general, to determine weaknesses and recommend the human resources and the most suitable materials to improve the security of the site and reduce its risk factors. It is the basis for efficient Security Plans and is ultimately an important investment in security, whose returns are secure environments and efficient security systems suited to the reality of each workplace.

Internal vulnerability evaluation (LAN/WAN)
The objective of this activity is to discover the vulnerabilities that exist inside the customer's network. Its scope covers ports and the institutional network, evaluated from an internal point against the customer's equipment (traditionally the DMZ and the data network [LAN]). An automated evaluation is performed with market-leading tools designed to scan networks in search of entry points and vulnerable configurations. Once the results are obtained, every finding is evaluated manually to verify its accuracy and confirm that it is not a false positive.

External vulnerability evaluation
The external vulnerability evaluation is a security evaluation that focuses on scanning a network from a range accessible from outside the organization. Its objective is to discover possible vulnerabilities and determine their importance for the organization. An automated evaluation is performed with market-leading tools designed to scan networks in search of entry points and vulnerable configurations. Once the results are obtained, every finding is evaluated manually to verify its accuracy and confirm that it is not a false positive.

Internal penetration tests
The objective is to identify and try to exploit the existing vulnerabilities in the equipment, ports, and institutional network from a point inside the organization, evaluating the equipment (traditionally the DMZ and the data network [LAN]) in the same way an intruder would. The activity inspects ports and the institutional network from an internal point. An automated evaluation is performed with market-leading tools designed to scan networks in search of entry points and vulnerable configurations. Tools are then used to exploit the vulnerabilities, with the objective of taking control of the equipment and, through it, penetrating as deep into the customer's network as possible to find any further vulnerability.

External penetration tests
The objective is to identify and try to exploit the existing vulnerabilities in the equipment accessible from the internet, in the same way an intruder would. The activity checks ports and the institutional network from outside the organization, evaluating the equipment that can be accessed remotely. An automated evaluation is performed with market-leading tools designed to scan networks in search of entry points and vulnerable configurations. Tools are then used to exploit these vulnerabilities, with the objective of taking control of the equipment and, through it, penetrating as deep into the customer's network as possible to exploit any other vulnerability encountered.

Social engineering
The objective of these tests is to determine the level of security an organization provides against attacks that target the end user of its information systems in order to gain access to those systems. The scope of the tests includes gathering information, by any means, that strengthens knowledge about the customer and the organization's users, and using this information across different attack vectors.

Wireless networks evaluation
A Wireless Network Evaluation is a security evaluation that focuses on scanning the wireless network and evaluates whether the wireless access points can be recognized by name and whether they have encryption enabled. An automated evaluation is performed with market-leading tools designed to scan networks in search of entry points. Once the results are obtained, every finding is evaluated manually to verify its accuracy and confirm that it is not a false positive for the organization.

Maintenance and definition of the PCI-DSS compliance program
The goal of the project is to analyze the organization and evaluate the environment of its line-of-business processes, delimiting the PCI-DSS scope that must be protected and maintained, with a focus on compliance with the PCI-DSS program.

Annual on-site PCI-DSS audit
The goal is to perform the validation audit against the PCI-DSS requirements that the enterprise has implemented for its processes and services within PCI scope, as required by the PCI-DSS standard. Based on the PCI scope defined by the customer, SISAP's consultants (QSA) coordinate the interviews considered relevant, receive the corresponding evidence, and coordinate the visits to the data centers and business areas to be evaluated. The QSA then visits on site, checks the evidence, and analyzes all the details of the visit (interviews, data center visits, and business area visits) in order to form a judgment and complete the audit questionnaire that gives the final result.

System Audit
This is the review and evaluation of the controls, systems, and IT procedures; of the computer equipment, its use, efficiency, and security; and of the parts of the organization involved in information processing, so that, by pointing out alternative courses of action, the information that supports sound decision making is used as securely and efficiently as possible.
This project is delivered by CISA, CISM, CISSP auditors.

Creation of an SGSI and ISO 27001 accompaniment
The risks to which an enterprise is exposed are endless. The information assets it manages are critical to its strategic performance. If institutions do not establish systems that ensure the integrity, confidentiality, and availability of information, they will never be able to achieve their objectives and fulfill their mission. Risk, understood as the chance that a threat exploits a given vulnerability of the organization, is always present. Reducing risk in information management means establishing an enterprise information management system that brings risk down to lower levels and assures users that they have an information system they can trust with all their information. A Security Management Information System (SMIS) is a management system that comprises the policy, organizational structure, procedures, processes, and resources needed to implement information security management. It provides mechanisms to safeguard the information assets and the systems that process them, in accordance with the security policies and strategic plans of the organization.

Business continuity plan (BCP). Disaster recovery plan (DRP)
Given the importance of information systems to the functioning of institutions, SISAP has developed its own methodology, based on international standards, for preparing business continuity plans. Our methodology is divided into phases that allow institutions to develop a single project with continuity over time and coherent objectives, so that the preparation of the Disaster Recovery Plan (DRP) is the basis and input for the later phases, which end with business continuity and the management it requires (BCM).

Inventory and classification of the information
Information classification is a fundamental element for organizations to respond efficiently and effectively to the threats and vulnerabilities they are exposed to. It requires defining security controls, processes, and procedures, whether based on users, roles, rules, or any combination of them, that guarantee that authorization to access information is ultimately granted only by authorized officials. The first challenge to effective information classification comes not only from the technology available but from the people involved. It requires a high level of commitment from senior management for the efforts within the organization to make sense. This implies not only a cultural change but also the establishment of policies and procedures to control and ensure appropriate access to information.

Information security policies
We support enterprises in reviewing and improving their information security policies in alignment with ISO 27000. Alongside the policies, the internal mechanism is created that allows the institution to maintain a continuous improvement cycle.

GFACE Certification
SISAP is an enterprise authorized by the Superintendencia de Administración Tributaria de Guatemala (SAT) to issue the information security certification. This certification is issued once compliance with the requirements established by the regulations for operating as a Generator of Electronic Billing (GELB) has been verified.

Gap analysis and ITIL process implementation
Organizations depend more and more on information technology. Systems departments and their activities have traditionally been seen as a support area, often without even applying rational criteria to assess their profitability, efficiency, and the quality of the service provided across the organization. In an environment where service availability periods keep widening, where customer and user demands keep rising, and where organizations and businesses change ever faster, it is important that information systems are correctly organized and aligned with the business strategy. IT service management has helped many organizations around the world achieve these goals. SISAP supports institutions in adopting the ITIL service management model, including training for your employees and the design and implementation of ITIL processes. We provide a three-phase road map for adopting the model in the medium term.

Technology risk profitability
Technology risk can be viewed from three different aspects: first, the technology infrastructure (hardware or physical level); second, the logical level (risks related to software and information systems); and last, the risk of misuse of the previous two, which corresponds to the human aspect.

Profitability or COBIT implementation
By implementing the practices established in COBIT, you will understand your information systems (or information technologies) and decide the level of security and control needed to protect your organization's assets, through the development of a technology management model that achieves the highest recommended levels for each organization.