S2 Grupo has expert Computer Engineers assigned to the Association of Computer Engineers with the necessary accreditation to conduct expert reports and extensive experience in expertise of all types (criminal, administrative, labor…). At the request of an expert, staff from our team will analyze the case and, if necessary, conduct and defend the report issued.
As part of an organization, an effective security strategy must maintain a balance between the implementation of appropriate policies, investment in technology and training and awareness of all players involved in the development of corporate activity; since many of the security breaches of any organization have been, historically, related to people
Not surprisingly, an untrained employee, has two main vulnerabilities:
- Increases corporate risk when taking – or stops taking – actions whose risk he ignores, forgets or incorrectly assumes.
- Increases corporate risk when becoming more vulnerable to malicious parties: other employees, social engineering attacks, etc.
Aware of this reality, from S2 Grupo, we consider it appropriate to address audit projects aimed at assessing the degree of vulnerability of corporate human resources as a first step to implementing a Global Awareness Plan on Information Security of an organization.
This service is defined as an analysis process based on the experience of the audit team in the development of security audits on different environments, as well as in the customer’s own experience with its own environment. The sum of experiences and the joint development of the audit allows, in a very short time, to have a view of the security status of an organization in terms of human resources concerns, and plan, based on the result, if need be, the relevant proceedings with an objective basis.
The audit service is developed from a previously established methodology and conveyed to the staff of the organization through meetings; including inspection of existing documentation and the implementation of social engineering tests, in each case deemed appropriate. The resulting audit report will provide a clear view of the level of risk and define a plan of action based on the criticality of the identified risks.
Faced with a possible security incident, in most cases, it is necessary to conduct a detailed Analysis of scenarios resulting from unauthorized actions that occur in the information systems of the company in order to identify the author, the causes and method used. Next is to define measures to prevent the occurrence of similar incidents in the future.
Thus, it allows for appropriate measures to be taken to ensure that the event does not happen again, in addition to learning more in depth about the details.
S2 Grupo is able to offer its customers forensic analyses on a wide range of technologies (Unix, Windows, IOS, Android, etc…), issuing reports that, with the necessary information in every case, the activities, reasons, signs… of a computer problem that may have lead to an impact for our customers are analyzed.
The problems of semantic security can be regarded as a high risk factor in all types of organizations, especially in those best known by the society – for example, large organizations or the Public Administration, which also tend to be the main target of these attacks because of the media coverage the attacker can get. On the part of S2 GRUPO-CERT the periodic evaluation of this vision of security in our customers is considered very important, so that the execution of this type of analysis by the staff of our security center arises.
For the execution of these analyses, security technicians from the center will conduct a process of obtaining information (information gathering) against the requesting client, and against the most representative figures thereof. From the results of this analysis, a manual check of the data obtained will be made and verified that they do not introduce risks of any kind on our customers, paying particular attention to reputational risks, but without neglecting others as the legal or technical ones.
Given the ease of copying and distribution of resources through the Internet, it is common to find websites that make use of material belonging to an entity without the consent of the same, either for personal gain or for the degradation of the image used. In the same way and with the advent of social networks, it is increasingly common to find cases in which profiles that try to impersonate people or organizations are created. Therefore, by using automated monitoring tools and manual reviews, our detection systems will be able to identify those websites that use logos, banners, identity references or simply unauthorized resources belonging to entities or individuals to be protected, by designing, implementing and deploying a series of webspiders able to identify patterns, keywords and protected images and, thus, monitor the digital reputation of our clients, the unauthorized use of their image or brand and possible digital impersonation on the Internet.
Additionally, thanks to the anonymity of the Internet and the use of social networks, blogs or notification systems like Twitter, it is possible to find cases in which an action is taken that damages the reputation of a person or entity by publishing and distributing distorted information. From S2 GRUPO-CERT a number of webspiders are designed, implemented and deployed that allow tracing defamatory information based on preset signature patterns, generating alerts able to identify comments that may harm the image of the entities.
Services associated with monitoring semantic security will run regularly from S2 GRUPO-CERT, thus turning the audit into a security semantics monitoring of our customers, and automating, as far as possible, the generation and processing of results for the center; as a result of this service audit reports (detailed) and simple briefing notes addressed to particular persons or organizations will be issued, indicating the results, recommendations and guidelines issued from S2 GRUPO-CERT in each case.