IT security consultancy services
SEARCH-LAB offers various IT security consultancy services to its customers, such as building information security management systems or defining and verifying requirements for internal and outsourced software development.
Information security management systems
SEARCH-LAB has a long track record of ISO 27001:2006 (formerly known as BS7799 and ISO 17799) information security management system (ISMS) developments and assessments. In particular, SEARCH-LAB can do the following for its customers:
- carry out site inspections, to state the current status of the ISMS,
- set up an IT asset inventory in order to identify the values to protect,
- carry out a risk analysis to find out the major threat factors,
- create a security policy governing the Information Security Management System,
- develop a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP),
- develop information backup and restore procedures to ensure desired availability of services,
- create regulations managing access control, incident management, physical security, environment security, IT acquisitions, asset management, development and maintenance, continuity management or HR security and
- carry out external audits.
Security requirements towards software developments
During software development, especially in the case of outsourced development, testing is usually done by the developers themselves. If the delivery and acceptance procedures do not include the verification of security requirements, this can lead to severe, undetected security problems:
- design weaknesses may degrade the security of the whole system and
- exploitable weaknesses may damage the reputation of the company and the brand, causing serious financial damage.
Our proposed solution to improve the security awareness in software development is based on a staged model. We define different security levels with increasing assurance from informal guidelines to a formal security framework, so this flexible solution can be best adjusted to the actual needs.
SEARCH-LAB offers to its customers:
- to create secure software development guidelines,
- to create formal security requirements, which then can be included in the development specifications or even in legal agreements with subcontractors,
- to develop self-assessment forms to be filled in by the developers,
- to specify verification and acceptance procedures for deliveries,
- to develop custom Security Targets for security-critical software and
- to carry out independent evaluations of security-sensitive software modules.