Security Audit and Consultancy

• Aiming to assess and validate the security of technological infrastructures and data recovery, Dognædis offers a set of specialized consulting and auditing services which include the specification, development and training both of and in information security solutions, procedures and policies.

• Information Security Consultancy

  Specialized services aiming to help clients to develop a plan to overcome security issues detected within a security audit. Besides supporting to repair the actual vulnerabilities detected, Dognædis helps the development of security procedures and policies that may be best fit to the specific organization. It also helps to design security strategies and contingency plans for when incidents occur, as well as raising security awareness and promoting good security practices, being this a mandatory requirement for a long-term sustainable security culture inside organizations. This activity area also encompasses the required expertise to specify, develop and deploy generic information security solutions, ranging from simple configuration of the infrastructure, to from scratch development of customized solutions to a specific context. The main goal is always to implement an holistic and continued Security.

• Vulnerability Testing

  Analysis of the technical and technological vulnerabilities in a specific infrastructure. This analysis can range from standard automated procedures to custom manual detailed assessment of the client's organization.

• Penetration Testing

  Penetration testing (pentest) is a type of information security auditing that adopts the perspective of a potential attacker as mode of operation. With such tests, it is possible to perform an objective assessment of the potential vulnerabilities and existing attack vectors, therefore identifying what can be accessed, stolen or damaged in an actual attack. The observations collected from a pentest are a mandatory requirement to the development of internal procedures to prevent and/or mitigate potential vulnerabilities. These observations are also a required source of information to a sound risk analysis, since the infrastructure profile gathered represent actual risks amenable to quantification. Therefore, the major goals of a pentest are:

  Testing and validating the current technological infrastructure in order to assess the potential impact of an outsider attack.

  Analyzing the data gathered in order to improve, modify or create information security policies and/or information security solutions that protect the organization's critical data.

  Creating procedures for risk, security and resiliency metrics gatherings, that are continuously monitored, both at the most detailed technical level to the synthesis executive report intelligible by upper management.

• Infrastructures Security Audit

  Set of standardized procedures and methodologies that provide an overall perspective of the target infrastructure therefore allowing a comprehensive understanding of its information security issues. From this analysis it is gathered a set of security indicators, including risk-awareness and resilience metrics. This analysis includes not only but also:

  V&V (verification and validation) of security policies;

  V&V of physical communication infrastructures;

  V&V of systems security, including vulnerability identification;

  V&V of established protection mechanisms;

  V&V of the staffs' susceptibility to spam;

  After this analysis, it is possible to:

  Identify actual threats to the organization infrastructure and the associated risk level.

  Provide support to define and disseminate security policies that support, not hinder, the business goals.

  Define policies that prevent expensive recovery costs by mitigating the impact of potential security breaches, both from internal and external sources.

  Implement customized technologies to support those policies (not the opposite), maximizing reuse of the current infrastructure, therefore leveraging previous investments.

  Maximize new investments to ensure the business continuity, not technology by itself.

• Forensic Analysis

  This activity involves the detailed postmortem analysis of security incidents as well as a damage report and lost or damaged data recovery. This service also includes deep analysis and surveys that assure a complete knowledge of what happened during the incident, namely its cause, impact and scope.