Security Assessment and Testing

SBS covers the whole security assessment process offering all its underlying activities and testing which induce a report that highlights the procedure needed in order to mitigate security vulnerabilities.

Services Offered:

Vulnerability Assessment

A vulnerability assessment is a methodical evaluation of an information system addressing security weaknesses. It assesses the susceptibility of the system to any known vulnerabilities, identifies their severity levels, and defines remediation or mitigation methods whenever needed.

Red Teaming and Penetration Testing

Red teaming and penetration testing is a full-scope activity that simulates cyberattacks covering currently implemented controls and layers of security in terms of people, network, physical security controls, information security and applications. This testing exercise is conducted by security professionals with the same tools, techniques and methods used by real-life criminal hackers. The purpose is to assess the security posture of an organization and reveal exploitable vulnerabilities in physical, hardware, software, and human aspects.

This exercise includes:
  • Social engineering
  • Automated penetration testing
  • Manual penetration testing
  • Physical intrusion

Threat Hunting

Threat hunting is an exercise that assumes an environment has dormant threats and tries to hunt them before they are used to compromise the organization’s assets and services. And hence, it is a proactive defense intended to protect assets and services.

Threat hunting is used to detect attackers and prevent them from remaining stealthy in a network for months, or even years, while they quietly collect confidential data or get authorization credentials that will allow them to further expand their existence and move easily across the environment.

SBS will approach threat hunting using 3 major methods:
  • Hypothesis-based investigation
  • Investigation based on Threat Intelligence
  • Investigation based on machine learning

IT Audit

An IT audit is the inspection and appraisal of an organization's IT infrastructure, policies and processes. The purpose is to determine whether the IT controls is use are capable of protecting assets and ensuring data integrity. It does not only address physical security controls, but also covers whole business and financial controls that involve information technology systems.

The primary objectives of an IT audit include:
  • Evaluate existing systems and processes that secure company data
  • Determine risks and identify methods to minimize them
  • Ensure compliance of information management processes with a predefine standard
  • Detect ineptitudes in IT systems and associated management

Quality Control

Quality Control is the process through which an institution seeks to assure the quality of a project that has been delivered to it in order to check that the everything has been properly done as per the scope of work agreed on. Furthermore, it seeks to assure the optimization of resources and precision of desired output and deliverables.