In Tunisia, as elsewhere in the world, it is very difficult to estimate and identify the number of pirated companies. It is even more difficult to estimate the direct and indirect costs of these malicious acts. Several organizations in the field have issued an alert to warn that a vast majority of companies do not have an emergency plan and that in the event of an incident a large number of companies would not be able to recover Its data or continue its activity. This means that, in this case, they are not in a position to recover their data quickly in order to continue their normal activity. It is easy to imagine then the dramatic consequences that this entails both financially and humanly.
A study in the United States shows that in one year (1999 to 2000) the cost of piracy increased from $ 265 million to $ 378 million (Computer Security & FBI source), an increase of 42%.
Even worse, according to a study by Deloitte, more than 83% of the IT systems of financial institutions experienced security problems in 2004. An alarming phenomenon in full growth, the same poll revealed "only" 39% of vulnerable systems in 2003.
"Viruses, worms, malicious programs, sabotage and identity theft are all ways to attack target systems," said Ted DeZabala, a spokesman for Deloitte & Touche. Among the revelations of this investigation are the attacks carried out both from outside and inside the company...
Yet it is truly possible to significantly reduce these risks by pursuing an effective security policy at a reasonable cost. The first reflex to have is to ask the question of the inventory : "What about my Information System ? Has the means necessary for its protection and integrity been implemented ?"
To answer these questions, it is necessary to start by taking a photograph at a time T of the perimeter to be evaluated. This "photograph" is an Audit. There are several categories of audits that can be implemented in a company :
Any security audit whose information is provided by the client. It provides a totally transparent view of the technical and organizational security in place. This preventive audit proves to be very useful before the launch of a website or the commissioning of network architectures. Procedure used :
Unlike the white box audit, the black box audit is a blind audit that is done blind. The client does not give information about his information system. Concretely, a black box audit makes it possible, for example, to validate a web site already in place and provides a complete view of technical safety. We offer two kinds of audit box black :
Internal network "Black Box" audit. This security audit validates security within the corporate network. Indeed, according to statistics, 80% of computer-related harm is internal to the company. INTELLIGENT SECURITY IT seeks all sensitive data accessible via the network in order to inform the Client.
The internal network "Black Box" audit is performed as follows :
"Black Box" audit from outside: This security audit validates the security of the public part of the company (eg website). This public part is the showcase of the company. It is therefore essential to the image of it. INTELLIGENT SECURITY IT is thus put in the place of a malicious Internet user and looks for any weakness of the public area.
The Black Box audit from outside is performed as follows :
This security audit aims to validate the level of impermeability to any intrusion of your corporate network. It can be conducted from outside the company to see if it is possible to bypass the existing security to penetrate the network. It is also possible to conduct this audit from a given point on your network to see if it is possible to access other parts of the internal network.
The Intrusive Audit is performed as follows :
The vulnerability audit, as its name indicates, aims to identify the vulnerabilities present in a system. It is usually a question of identifying existing weaknesses or weaknesses in your network at :
Code auditing is used to validate the security of a program. Concretely this validates the security of any program written in HTML, PHP, ASP, Perl, Java, Javascript, C, C ++, etc.
The Code Auditing is performed as follows :
The organizational audit takes into account the security in general in the company. While respecting the constraints of budget and structure, it makes it possible to appreciate the following elements :
Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.