A company's applications, infrastructure and, more generally, its technological systems constantly require maintenance, updates and monitoring to avoid discontinuity in the services provided or even intrusions. Even if all systems are adequately protected, there remains the risk of exposure to zero-day vulnerabilities, so even the most attentive company can be subject to successful attacks. It is therefore necessary to know the various attack vectors, their possible consequences, and the effective countermeasures to adopt in an emergency. Often, knowing how to choose the best product from a more security-conscious provider can make the difference, as can having guidelines for writing secure code that reduce the number of vulnerabilities introduced during the development of proprietary applications. In this scope, we offer consultancy and ongoing assistance for the resolution of cybersecurity problems, by telephone, by e-mail, or by visiting the company itself where necessary, for the assignment period.
In particular, the following activities are foreseen, by way of example:
1. Support in analysing an ongoing attack or intrusion, including help in finding a strategy to mitigate the threat. This activity generally consists of analysing the systems involved, the network traffic and the vector used for the intrusion, verifying the attacks, exploits, or known payloads used for the intrusion, and identifying the actions necessary to resolve the problem, such as isolating machines within the network, patching or restoring machines, and excluding the attacker from the company network;
2. Assessment of third-party products (firewall, SIEM, file integrity monitoring…) to be added to the infrastructure or already deployed in it;
3. Support for designing and implementing new products, applications or services, maintaining a high level of security and in accordance with the principles of Data Protection by Design and by Default, pursuant to Art. 25 GDPR and according to Recital 78: “When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfil their task, producers of the products, services and applications should be encouraged to take into account the right to data protection when developing and designing such products, services and applications and, with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations. The principles of data protection by design and by default should also be taken into consideration in the context of public tenders.”
Each activity carried out will be accompanied by a report or minutes, in order to simplify the re-use of the information obtained and/or processed during the assignment so as to support the same business processes in the future, taking into account incidents which may have occurred and assessments already made.