The CYBERBELT©-security formula
Collect.
Test.
Monitor.
For certified cyber security
The content of the audit is the specially developed test procedure for mission-critical systems. The audit is carried out on the basis of the “current state of technology” using specific security tools and in accordance with accredited norms and standards.
The audit is an efficient security-related control of standard IT components and IT protection mechanisms.
Level I
Collection of data
A business card, an e-mail or a company name is sufficient as the basis for e-espionage. Based on this, generally accessible data is collected on the internet which provides an attacker with sensitive information about the company. Within this context, e-espionage demonstrates what information can be found and how it can be disguised to reduce the risk of attack.
Current hacking methods are used to verify vulnerabilities.
Level II
Testing – PenTesting
Externally: Find open internet connections, analyse vulnerabilities and attempt to penetrate company systems.
Internally: Test sensitive apps and server systems on the intranet and search for vulnerabilities that could be exploited for online attacks and data theft.
Current hacking methods are used to verify vulnerabilities.
Level III
Monitoring
Regular reports and vulnerability reports, as well as guidance on how to fix identified vulnerabilities. The result is an audit report including state-approved certificate, which, in the case of a positive finding, can be used to protect yourself, for legal disputes or as a compliance document for the auditor’s annual report.
More than 100 online systems in Central and Eastern Europe are monitored by our specialists.
The year-round security belt
and Compliance Confirmation
Continuous external monitoring and regular auditing of IT systems on location for 1, 12 or 24 months provide increased protection.
Technical IT Compliance
This certification substantially covers the cybersecurity requirements of relevant standards such as ÖNORM A7700, the Security Web Standard of the Federal Office for Information Security [BSI], the Open Web Application Security Project – Top 10 Most Critical Security Risks for Web Applications (OWASP/Top10), the Application Security Verification Standard (OWASP/ASVS), the technical requirements from ISO 27001 or ISAE 3402 for audit reports in IT service companies as well as the Payment Card Industry Data Security Standard (PCI DSS). Subsequently, ongoing trusted security monitoring of the online systems ensures a maximum possible level of protection. This means that with presentation of the cybersecurity certificate, the technical security requirements of the aforementioned standards in the sector of cybersecurity are taken into account.
Network Compliance
Configurable settings for SOX, FISMA, HIPAA CERT, DISA, STIG, NSA, GLBA, HIPAA, PCI DSS, SCAP-based audit policies (FDCC/USGCB, NIST, DISA, STIG), CIS benchmarks, NIST, NSA, and other best practice policies
WebApp und Mobile App Compliance
Configurable settings for CWE 2011, HIPAA, ISO 27001, NIST SP800 53, OWASP Top 10 2017, OWASP ASVS, PCI DSS 3.2, Sarbanes Oxley, STIG DISA, WASC threat classification
Source Code Compliance
Configurable settings for PCI DSS, HIPAA, SANS 25, OWASP Top 10, MISRA, MITRE CWE, BSIMM