It has often been stated that security specialists are trained to see malicious cyber activities everywhere and devise ways to deal with them, but sometimes neglect to consider how great the risk is and the value of the system that is at risk. EWA-Canada has long believed that security information needs to be presented in a “business context”, one that is comprehensible by both senior management and by operations staff. It is often times a recurring problem that information security people do not understand the business being assessed. It is this problem that EWA-Canada’s approach to IT security reviews, testing and risk assessments attempts to address. EWA-Canada’s IT security reviews and risk assessments provide findings in terms of operational assurance, the business context is used to temper the identified risks, and recommendations are made to improve security around the specific business areas that most need it.
In assessing operational risk, EWA-Canada is a recognized leader in information infrastructure protection auditing and testing, and it has been a core corporate competency for more than 20 years. Over that period we have covered the full range of vulnerability and penetration testing from routine testing of networks and web sites for vulnerabilities, through sophisticated penetration testing of core security technologies using custom-developed exploits, to successful no-knowledge penetration tests of networks to “capture the flag” using a variety of technical and social engineering techniques. Our structured VA methodology has been designed to cover the full range of test requirements:
Many individual IT security risk management standards, guidelines, procedures and activities exist including: security policy planning and definition; business continuity; threat risk assessment; implementation of security safeguards and technologies; and Common Criteria standards to name a few. EWA-Canada has the experience and expertise to integrate these sometimes disparate activities and standards into a cohesive, structured approach to managing operational assurance in a traceable and repeatable manner.
Please Contact Us for further information.