Our Assessment Plan includes:
Governance Assessment:
Leadership team involvement, policy and standard engaged, Law and regulation involved.
Stakeholder evaluation.
Physical security assessment:
Equipment management, Mobile computing, Physical and environmental security.
Secure SDLC assessment:
Review if security is enforced at each level of a product development.
Training: developer/testers trained on Code Security training.
Requirements:
Review security and privacy requirements.
Design:
Review Design requirement, surface attack analyze and threat modeling.
Implementation:
Static code analysis.
Verification:
Dynamic code analysis, fuzz testing, attack surface review.
Release:
Incident response plan.
Response:
Test incident response plans.
Data Risk assessment:
Data-at-rest
Data-in-transit
Contact us for a complete security risk assessment today.