KITS - Presentation ENG
TABLE OF CONTENTS
Our Clients
Introduction
Security Tests
Business area focused on performing Technical Security Audits, namely Penetration Testing. Integrity has an innovative approach for Persistent PenTesting (KEEP-IT-SECURE-24). Leading Portuguese company in PenTesting with regard to Certifications, Projects and Team.

Business area focused on delivering Consulting Services in Information Security based on industry-recognized Best Practices. Integrity has an innovative approach for Continued ISMS Services (KEEP-IT-MANAGED-24). Proven experience in the implementation and support of the International Standard ISO 27001, ISO 27701 and GDPR.

Cybersecurity assessments, namely 3rd Parties. Technical Controls Audits. CIS Controls - Maturity Assessment or best practices in information system configuration. PCI QSA - Implementation Services and compliance support.

Training and awareness in Information Security (Lisbon Security Academy), Awakening, Development, Infosec Management. Online / Video Training. Table Top Exercises for Top Management.
Our Team Profile
As a service company, we are essentially focused on, and continuously invest in, the knowledge, experience and continual training of our resources.
ISO 27001 (2012)
ISO 27001 is the international standard for Information Security Management Systems. For Integrity, a key company in Consulting, Advisory and Auditing services in Information Security, implementing and being certified in the standard was a natural next step. The scope of certification covers Consulting, Auditing and Advisory in Information Security of our clients' projects.

ISO 9001 (2014)
ISO 9001 sets out the criteria for a quality management system and is based on a number of quality management principles, including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. The scope of the certification covers Consulting, Auditing and Advisory in Information Security and Implementation of Management Systems.

CREST (2014) and PNSC (2017)
Integrity is accredited by CREST for its penetration testing services, after being submitted to a certification process for technological and management practices. Integrity has the National Industrial Security Credential, with National brand and Secret grade, assigned by the Portuguese National Security Cabinet (PNSC).

PCI (2020) and Bancontact (2021)
Integrity was recognized by the PCI Security Standards Council as a Qualified Security Assessor (QSA) certified entity. Integrity is accredited by Bancontact to carry out payment security assessments in mobile applications.
Some of Our Clients
Vulnerabilities
Cybercrime will cost the world $6.000.000.000.000/year by 2021 (Cybersecurity Ventures)
Security Tests
Usually, Information Security Testing is conducted within an organization's Risk Management processes by having penetration testers perform Security Tests on its defenses through the eyes of potential attackers.

These Security Tests are usually performed by independent and external individuals who will use methodologies and tools typically used by potential attackers.

Typically, tests are performed on a yearly or semi-annual basis.

The Security Test deliverable is generally a report with a description of the identified vulnerabilities and recommendations to mitigate them.
Traditional Pen-Test Model
KEEP-IT-SECURE-24
• Reporting
• Tests by Request: perform specific tests to address client needs
• Cyclic Scanning: perform/run cyclic scans to the defined scope (Applications and Infrastructure)
• Critical 0-Days
[Figure: depth over time]
The depth of the one-off approach is reduced when compared to the persistent testing KEEP-IT-SECURE-24 service.
KEEP-IT-SECURE-24 vs Traditional Pen-Test Model
Our focus is the Integrity of People, Processes, Information and
Organisations
KEEP-IT-SECURE-24 – Testing Activities
[Figure: testing activities; axis label: Complexity]
Scenario:
Customer Size: Corporate
Typical Number of Apps: 10 (Critical) + 26 (Medium)
Published Vulnerabilities: 246
[Figure labels: Pen-Test; Complex Vulns; time axis from January to December]
Pen-Test Phases
In the KEEP-IT-SECURE-24 model, there is a bigger focus on the testing phase, particularly for web applications.
[Figure labels: Traditional Approach; KEEP-IT-SECURE-24; TEST]
Besides customer references, we believe it is important to highlight the multidisciplinary nature of Integrity's team. Combined with best practices in Information Security, our team researches and publishes 0-day vulnerabilities, meaning vulnerabilities that not even the producer was aware of.
https://labs.integrity.pt/advisories/
References
https://labs.integrity.pt/advisories/
Conclusion
• Organizations, technologies, and processes are not static; ad hoc tests add very limited value.
www.crevisoft.com