Compliance Consulting: assessment of organizational and technological gaps with respect to one or more reference standards (Privacy, resolutions of the Guarantor, PCI-DSS, etc.) and preparation of the organizational and implementation remediation plans.
Policy and Guidelines: implementation of the reference regulatory model for governing the processes and principles of internal security, security governance and information classification.
Business Impact Analysis: analysis of impacts related to the individual components of one or more critical processes, and definition of business continuity and disaster recovery plans.
Legal Advisory: specialized legal support on regulatory aspects and on the impact of new regulations on the existing organizational context.
Application Security: integration of adaptive platforms for protecting applications (databases, SAP, SOA architectures, portals, application frameworks) that provide “external” levels of protection for specific software implementations.
Email & Web Security: design of platforms for securing e-mail services and Internet browsing (antispam, antivirus, URL filtering, WAN optimization, etc.), integrated with Data Loss Prevention services and infrastructure.
Log Management and SIEM Integration: specialist support on Security Information & Event Management platforms for the collection, normalization and correlation of heterogeneous data sources, aimed at contextual visibility and at managing any operational or security problems.
Fraud Detection & Management: specialist support for the management and implementation of fraud detection systems, identification and description of fraud scenarios, design and tuning of rules, and support for investigation and post-mortem analysis of fraud.
MSSP Engineering: design of MSSP (Managed Security Service Provider) security services for the perimeter outsourcing of specific prevention and control functions.
Penetration Test: full audit of vulnerabilities or problems in the applications and services exposed within the scope of the analysis. Testing and certification of upgradeable protocols and of custom or legacy applications.
Source Code Auditing: full audit of the application source code using regression testing of functionality and of critical patterns used within the application framework or custom products.
Configuration Audit: large-scale, non-invasive verification of the configurations of equipment, systems and critical platforms.
Surface Attack Analysis: hacker-style verification oriented to critical information. It integrates the typical activities of a Penetration Test with social engineering attacks, trashing, physical access, etc.
Unconventional Testing: laboratory services for the security evaluation of third-party products or systems through binary or source analysis of communication protocols.
SOC Implementation: support for defining the operational model suitable for the control and management of ICT security, and for providing monitoring infrastructure appropriate to the internal operating processes.
Security Monitoring: specialist consulting for monitoring and real-time analysis of security alerts generated by systems and applications covered in the scope of control.
Security Platform Management: first- and second-level specialist consulting for the operational management of commercially available ICT security solutions or platforms.
Incident Handling: on-call specialist support for post-mortem analysis of potential fraud or cyber-attacks. Support for forensic analysis to assess possible computer crimes.
Early Warning: intelligence and alerting service delivered through security bulletins on new vulnerabilities, rumors and new attack methods, malware in circulation, etc.