Tcl security testing services v0 03 kvs 180511


Published on

Security testing services

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Tcl security testing services v0 03 kvs 180511

  1. 1. TCL Security Testing ServicesEnterprise applications are the enterprise’s new security perimeter. TCL’s Security Testingfocuses on detecting application vulnerabilities in order to ensure that only authorized usersare able to access the application and that authorized users are able to access and updateonly the information to which they have been granted permission.Applications require varying levels of security testing depending on the purpose of theapplication, the application customer base and the data contained within the applicationdatabase. To address client security risk levels associated with unique applications, ourcustomers have the ability to pick and choose from any of the following service offerings andcustomise. Security Review and Assessment Security Application Testing Security Vulnerability TestingReview and Assessment Overview Perimeter Review – Firewalls, Routers, RAS servers, Virtual Private Networks, Wireless LANS Server Review – OS hardening, S/W patch currency, active services review, account review – All IPS visible to internet Content Management Review – Web traffic – Email – Antivirus / Malware Prevention and Remediation. Technical Policy Review – Passwords, Directories, Groups, Accounts – Access Control Authentication Review – Effectiveness of current authentication – PKI, tokens, smartcards Intrusion Detection System Review n – ID Sensors, Analysis Stations, Burglar Alarms, HIDS and NIDS – Log analysis and intrusion attempt reporting Encryption Review. – Packet encryption, file / data encryption, hard drive encryptionApplication TestingTCL’s Security Testing also verifies that the following application security requirements havebeen met. Uses our requirements based testing methodology ments – Develop Test Strategy, Plan and Cases/Scenarios Application security controls like – Data Confidentiality, Non Repudiation – Communication Security and Data Integrity security – Web Application SecurityTCL Security Testing Services v0 Page 1 of 3 Commercial in Confidence03 KVS 180511 © 2011
  2. 2. TCL Security Testing Services Design/Requirement Impact – tokenisation architecture, common PCI requirements Coding standards – shared variables across threads Early penetration testing – automated & manual Security standards control – governance of architecture & testing Vulnerability testing – inappropriate file permissions Security compliance reporting – PCI, DPA – Sarbanes-Oxley – Basel II – Food and Drug Administration (FDA) – NERC-CIP – Health Insurance Portability and Accountability Act (HIPAA) – Federal Information Security Management Act (FISMA) – Gramm-Leach-Bliley Act (GLBA) Bliley – Payment Card Industry Data Security Standard (PCI DSS) – ISO 27001 / 27002Vulnerability Testing Identify network security gaps entify Review results of gap analysis report and make recommendations Implement recommendations.Benefits Authentication of a secure environment Understanding of the current adherence to your Security PolicyTCL Security Testing Services v0 Page 2 of 3 Commercial in Confidence03 KVS 180511 © 2011
  3. 3. TCL Security Testing Services Awareness of potential inadequacies in security Improvement of security through design and implementation of secure network solutions Protection from damages and financial losses from unwelcome network accessKey DeliverablesTCL security testing services delivers the following outputs: • Identification of application security vulnerabilities • Application security vulnerability reports • Remediation analysis • Recommendations to assist with the remediation of the vulnerabilitiesContactK. V. Shashi 98450 08696 End of DocumentTCL Security Testing Services v0 Page 3 of 3 Commercial in Confidence03 KVS 180511 © 2011