IT Security Solutions

All our consultants hold industry-recognized information security certifications such as CISSP, CISA, and SANS GIAC, and have extensive experience conducting penetration testing exercises across industries such as telecom, banking, and manufacturing.

Penetration Test

We carry out assignments by following the steps below:

  • Various automated tools and manual methods will be used for carrying out the assignment. At each step there will be discussion between the organisation and TKV Solutions to filter any false findings.
  • TKV Solutions will immediately alert the client in case a discovered vulnerability needs attention on priority.
  • We perform Gap Analysis and Penetration Testing of IPs in the following ways:
  • Gap Analysis: In this exercise we cover the client's site. We make an initial assessment of the security status of the management framework, in terms of the controls, processes and procedures required by ISO 17799, which is the globally renowned standard for security of information systems. The following is the diagrammatical representation of our approach towards coverage of various BS7799/ISO 17799 domains:

Our Penetration Testing Model –

Security Audit

Security auditing is the formal review of system users.
This process is conducted to determine the effectiveness of existing security controls, watch for system misuse or abuse by users, verify compliance with current security policies, validate that documented procedures are followed, and detect anomalies or intrusions. Effective auditing requires that the correct data be recorded and that it undergo periodic review.

In order to provide individual user accountability, the computing system must be able to correctly identify and authenticate each user.

This is the distinguishing factor between system log data and user audit data. Log data, captured by for example, is typically generated by system processes and daemons that report significant events or information. It does not correspond to specific user actions, nor is it directly traceable to a specific user. Audit data generated by the system corresponds directly to recorded actions taken by identifiable and authenticated users, associated under a unique audit identifier (audit ID). Additionally, all processes associated with a user must inherit the audit ID.

Once the audit data is recorded, it must be reviewed on a regular basis in order to maintain effective operational security. Administrators who review the audit data must watch for events that may signify intrusions or misuse or abuse of the system and of user privileges.

Some examples include:

  • Accessing files requiring higher privilege
  • Killing system processes
  • Opening a different user’s files, mail, etc.
  • Probing the system
  • Installing unauthorized, potentially damaging software (backdoors, Trojan Horses, etc.)
  • Exploiting a security vulnerability to gain higher or different privileges
  • Modifying or deleting sensitive information
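
As an added illustration (not part of the original page or of any TKV Solutions tooling), the following sketch reviews audit records and attributes each finding to the audit ID rather than to the effective user ID, so an action taken after a privilege change is still traceable to the authenticated user. The record format, field names and sample lines are constructed for this example, and it assumes the audit ID is numerically the same as the user's own uid.

```python
# Constructed audit records (not the format of any real audit subsystem).
# audit_id is fixed at login and inherited by every process the user starts,
# so it stays the same even after the effective uid (euid) changes.
# Assumption: audit_id equals the user's own uid, and paths contain no spaces.
SAMPLE_RECORDS = """\
audit_id=1001 euid=1001 pid=410 event=open path=/home/alice/notes.txt owner=1001 result=ok
audit_id=1001 euid=1001 pid=411 event=open path=/etc/shadow owner=0 result=denied
audit_id=1002 euid=1002 pid=520 event=open path=/home/alice/mail owner=1001 result=ok
audit_id=1002 euid=0 pid=533 event=kill target_owner=0 result=ok
audit_id=1003 euid=1003 pid=600 event=open path=/home/carol/todo owner=1003 result=ok
"""

def parse_record(line):
    """Split one 'key=value ...' record into a dict of strings."""
    return dict(field.split("=", 1) for field in line.split())

def classify(rec):
    """Return a finding label for a record, or None if it needs no review."""
    audit_id = rec["audit_id"]
    if rec["event"] == "open":
        if rec["result"] == "denied":
            return "access to file requiring higher privilege"
        # Files owned by uid 0 are treated as shared system files here.
        if rec["owner"] != audit_id and rec["owner"] != "0":
            return "opened a different user's file"
    if rec["event"] == "kill" and rec.get("target_owner") == "0":
        return "killed a system process"
    return None

def review(text):
    """Group findings by audit ID so each traces to one authenticated user."""
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        label = classify(rec)
        if label:
            findings.setdefault(rec["audit_id"], []).append((rec["pid"], label))
    return findings

if __name__ == "__main__":
    for audit_id, items in review(SAMPLE_RECORDS).items():
        for pid, label in items:
            print(f"audit_id={audit_id} pid={pid}: {label}")
```

The fourth sample record runs with effective uid 0, yet the finding is still filed under audit ID 1002, which is the accountability property the audit ID provides.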

CISSP Classes

We conduct CISSP preparatory classes.
CISSP (Certification for Information System Security Professional) is a certification reflecting the qualifications of information systems security practitioners. The CISSP examination consists of 250 multiple choice questions, covering topics such as Access Control Systems, Cryptography, and Security Management Practices, and is administered by the International Information Systems Security Certification Consortium, or (ISC)² (www.isc2.org). (ISC)² promotes the CISSP as an aid to evaluating personnel performing information security functions. The certification was first available in 1989.

We conduct the following CISSP courses:

| Course | Description | Duration |
|--------|-------------|----------|
| CISSP | Certified Information Security System Professional | 5 Days |
| CEH | Certified Ethical Hacking | 5 Days |
| CISA | Certified Information Security Auditor | 4 Days |