Security Policies Definition
ISIT Security Policy consists of developing a Security Manual for an organization. It assists organizations in creating security policies, procedures and guidelines for implementing effective security and operational efficiency from a security perspective.
Vulnerability Assessment and Penetration Testing
ISIT’s Vulnerability Assessment and Penetration Testing (VA/PT) service enables IT security teams to focus on mitigating critical vulnerabilities while we continue to discover and classify your vulnerabilities. It is a diagnostic service provided by ISIT. We evaluate an organization’s ability to protect its networks, applications, endpoints and users from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets.

Test results validate the risk posed by specific security vulnerabilities or flawed processes, enabling the organization’s IT management and security team to prioritize remediation efforts. Once the client has fixed an identified critical vulnerability, ISIT’s VA/PT service conducts differential testing to ascertain that the mitigation action is effective.

Social Engineering Audits
Every chain is as strong as its weakest link, and in information security this link is people. Social engineering is a collection of attack methods and techniques that exploit deficiencies in user awareness. ISIT recommends that organizations perform a social engineering audit as a sure way to measure the effectiveness of a security awareness program. During this audit, ISIT’s consultants will test current security controls by looking at the human factors that open doors for malicious actors.
Security Awareness Programs
Human beings are considered the weakest link in a security chain. User awareness plays a huge role in ensuring the success of a security program in a company. ISIT Security Awareness Programs assist organizations in developing user awareness tools and material and in measuring the security awareness of users. These include activities (onsite and offsite) that measure the users’ understanding of security.
Point-Of-Sales Device Audits
Point-of-Sale (POS) systems provide the initial interface for credit card transactions in the retail sector. They can be the target of malware attacks, usually such as memory scrapers, which look at data dumps and filter through them to find the necessary info. More sophisticated attacks are emerging every day. ISIT’s POS Device Audit is designed to minimize the threat of compromise. It is critical for merchants to ensure their POS systems are properly configured and not susceptible to common vulnerabilities.
Insider Threat Assessment
While many executives focus their organization’s efforts and financial resources on protecting their internal networks from external threats, like hackers, malware, intruders, and so on, a more dangerous organizational threat is often overlooked and sometimes ignored: the insider threat. The insider threat refers to a trusted employee or contractor who intentionally or unintentionally performs an unauthorized action that causes a degradation of service or theft of confidential data or intellectual property. ISIT’s insider threat assessment looks into administrative and technical gaps and recommends policies, procedures and technical controls to mitigate insider threats.
Industrial Control Systems (SCADA) Audits
The Internet and ubiquitous internet protocol networks have changed the design of many Industrial Control Systems (ICSs) such that the control network is now often a protected extension of the corporate network. This means that these delicate ICSs are potentially reachable from the Internet by malicious and skilled adversaries.

One tool that an ICS asset owner may utilize to assess the risk to the ICS is to procure and facilitate a cyber-security assessment. Many considerations have to be taken into account because of significant differences between an ICS cyber security assessment and the tests that would be performed in a standard corporate environment. ISIT’s ICS cyber security assessment identifies and seeks to mitigate vulnerabilities that would allow an attacker to disrupt or take control of the system.

Firewall Configuration Audits and Penetration Testing
Firewalls are your first line of network defense. To keep them secure and policy compliant, regular firewall audits are essential to check for misconfigurations and conflicting rules that can cause security gaps. ISIT Firewall Configuration Audits aim to identify such misconfigurations so that organizations have better visibility of their risk posture.
Secure Architecture Design
Effective security architectures help organizations to better coordinate company-wide security efforts. Antivirus programs, firewalls, and intrusion detection systems play a key role in protecting organizations against external threats. To get the most from these security tools as well as existing policies and procedures, ISIT recommends that companies implement a company-wide architecture that integrates these different elements. ISIT conducts a secure architecture assessment of the client’s infrastructure and recommends best-practice design architecture and controls based on the gaps identified.