Information security audits and penetration testing
"Find vulnerabilities in your information system before hackers do"
Information security compliance has become a challenge for every organisation.
Beyond traditional, technically oriented risk and security assessments, information security management must take into account an ever-increasing number of standards, regulations and laws. For example:
- ISO 2700x, PCI-DSS, Basel II & III, SOX, HIPAA, GLBA...
- The EU's data protection directive and its proposed revisions
- The laws "Informatique et libertés" and "pour la confiance dans l'économie numérique" (LCEN) in France
- The new US Securities and Exchange Commission's guidance on intellectual property and data privacy
The unparalleled skills and experience of Devoteam's security audit team are your best assets to overcome these challenges.
- Many customers have trusted Devoteam through annual contracts to perform information security audits
For the sake of confidentiality, these customers' names cannot be publicly disclosed.
Examples of security audits regularly performed by our team:
- Trading application platform audit (penetration testing and technical compliance of server configuration with best practices)
- Recurring code review and light pentest of a trading application on smartphone and iPad
- Web Application "grey box" testing
- Datacentre Infrastructure analysis (ISO 27002 coverage)
- Penetration testing in a PCI-DSS context
The Security Compliance team also provides security awareness and training through the design and delivery of customised modules (e-learning, training courses, events, video, case studies, goodies, etc.).