Security Consulting

Integrated Information Security Consulting

Drawing on international information security management standards, we provide integrated information security consulting to establish a comprehensive information security system and to raise the security level.

[Image: Integrated Information Security Consulting]
ㆍNetwork devices
ㆍInformation security system
ㆍServer and DB Application
ㆍEstablish security policy
ㆍAsset management
ㆍPersonal information management
ㆍIncident response
ㆍAccess control
ㆍCCTV Management
ㆍIDC operation and management

Operation range

Based on global information security standards, we analyze the customer's security status and evaluate its technical, administrative, and physical security levels as a whole. We then suggest security measures that fit the customer's budget.

| Item | Contents |
| --- | --- |
| Administrative Consulting | Establish security policy and assess the administrative level of asset management and incident response, following the international ISMS and ISO27001 standards |
| Personal Information Security Consulting | Assess the personal information security system, evaluate how personal information is processed, stored, and discarded, and establish improvement measures |
| Vulnerability Assessment Consulting | For the customer's built infrastructure, perform penetration tests and vulnerability assessments to evaluate internal / external security threats and establish security measures |
| Physical Management Consulting | Entry / exit control, evaluation of the customer's standard management level, establishment of improvement methods, and consulting on physical and security devices |

Certification Consulting

We follow the standards of each evaluating agency to achieve suitability certification of the information security management system through the agencies' objective evaluation, by setting up an information security management plan and managing and operating it continually.




Operation range

Through ISO27001 and ISMS certification, we aim to improve the information security level and customer satisfaction across information security operation management, technical issues, and physical issues.

| Item | KISA (ISMS) | BSI (ISO27001) |
| --- | --- | --- |
| Agent | Korea Standard | ISO / IEC: International Standard; UK BSI Certification Institution |
| Certification Authorities | Korea Internet & Security Agency (KISA) | BSI Certification Institution; DNV Certification Institution; SGS Certification Institution |
| Certification Status | Achieved 403 Domestic Certificates (2013) | Global 22,293 Certifications; Domestic 252 Certifications (2013) |
| Target | Any department or whole organization that produces goods and provides services |
| Assessment | 1-year cycle posterior evaluation, 3-year cycle re-evaluation | 6-month cycle posterior evaluation, 3-year cycle re-evaluation |
| Certification Procedure | Establishment (Certification Base Process), Implementation (At least 3 Months), Evaluation (Document / Evaluation) 3 Months |

Personal Information Security Consulting

We establish an information security management system by applying domestic and global regulations and systems, such as personal information management processes and storage/disposal rules, to comply with personal information rules and to prevent personal information leakage.

[Image: Personal Information Security Consulting]
· Analyze vulnerability issues in internal/external employees' personal information access and management
· Analyze vulnerabilities of the personal information storage system
· Analyze the personal information gathering/storage/disposal process
· Analyze the personal information handling standard and management system
· Establish a technical and physical personal information protection system by applying PIMS, PIA (Domestic), BS10012 (Global)
· Establish internal/external control by law and regulations

Operation range

Personal information security consulting examines the personal information management/operation/modification and the personal information security status of customer organizations in order to analyze threats and derive improvements.

| Items | Contents |
| --- | --- |
| Analysis of Current Status | · Analyze the customer's personal information security consulting goals and requirements |
| | · Analyze the status of the personal information management system |
| | · Analyze the status of the personal information management, technical, and physical systems |
| Analysis of Vulnerability | · Analyze requirements in advance and select the target |
| | · Design the internal / external penetration scenario |
| | · Simulated hacking for personal information leakage prevention |
| Risk Assessment | · Analyze the personal information security management system and the risk level through vulnerability checks |
| | · Asset Evaluation, Threat and Vulnerability Evaluation, Threat Evaluation |
| | · Evaluate physical security status and system operation for personal information security |
| Establish Improvement Proposal | · Derive improvements that remove or compensate for vulnerable items |
| | · Design the operational / technical / physical countermeasures and master plan for personal information security |

Financial Security

* What is PCI DSS?

PCI DSS is the Payment Card Industry Data Security Standard, a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. PCI DSS is intended to protect sensitive cardholder data.


Operation range

We establish an information security control system based on the PCI DSS 3.0 standard. The standard works through tight controls surrounding the storage, transmission, and processing of the cardholder data that businesses handle.

| Item | Contents |
| --- | --- |
| Constructing a Secure Network | · Install and maintain a firewall configuration to protect cardholder data |
| | · Do not use vendor-supplied defaults for system passwords and other security parameters |
| Strong Access Control | · Restrict access to cardholder data by business need-to-know |
| | · Authorize a proper ID for each user with computer access |
| Data Protection | · Protect stored cardholder data and encrypt its transmission across public networks |
| Real-time Monitoring | · Real-time monitoring to trace access to network resources and cardholder data |
| Vulnerability Assessment | · Regular vulnerability assessment of systems and networks |
| Security Policy | · Establish and maintain a PCI DSS policy for information security |

Vulnerability

We conduct penetration tests from the viewpoint of both internal and external users to prevent internal security incidents and block security threats. We also establish a security system for service stability and reliability.

| Web | System Hardening | Mobile | Wireless AP | Source code |
| --- | --- | --- | --- | --- |
| - Web server / Web application | Check vulnerabilities and configuration errors of systems and network / security devices | Vulnerability test for each cellphone, network, middleware, and connecting system | System penetration testing for unauthorized access to internal and external wireless AP systems | Vulnerability assessment of self-developed application systems |
| - Internal system penetration testing using service/system vulnerabilities | | | | |

Operation range

To ensure the stability of the customer's infrastructure and to find its vulnerabilities, we provide various penetration testing and vulnerability assessment consulting services.

| Item | Contents |
| --- | --- |
| Vulnerability Assessment and Penetration Test | · Select internal / external scenarios for system penetration |
| | · Perform assessments based on the OWASP Top 10 and the 8 vulnerability clauses of the National Intelligence Service |
| System Hardening | · Select the assessment target for each system |
| | · Check each system for vulnerabilities using WSEC's automatic assessment tool |
| Mobile Vulnerability Assessment | · Analyze Android and iOS application vulnerabilities following WSEC's own vulnerability checklist |
| Wireless (AP) Vulnerability Assessment | · Password cracking and internal intrusion penetration tests on the built wireless network |
| Vulnerability Assessment | · Using automatic tools and manual checking of source code, we assess vulnerable points in language features, algorithm design, and the functions used |