Information Security
Security Services
Our services are primarily based on the best practices provided by certified professionals and cyber engineers vastly experienced in information security.
- Penetration Testing
- Information Security Assessment
- Security Compliance (ISO27001 / PCI DSS)
- Incident Handling
- Security Operation Center (SOC).
Penetration Testing
- Internal Penetration Testing
- External Penetration Testing.
- Black | Gray | White Box Penetration Testing.
- Covering different types of Penetration testing
- Web ,Mobile ,API ,ATM ,IVR ,Wireless ,
Network/Infrastructure
Differentiation Factors
- Exploit Writers
- Zero-day attacks
- Published Exploits and Vulnerabilities on:
exploit Database
contributed Zero-day exploits for Metasploit
quipping Point Zero-Day Initiative
Security Assessment
- Host Assessment
- Network Design Review
- Network Configuration Review
- VoIP Security Assessment
- Physical Security
Security Compliance
- Risk Assessment
- Gap Analysis
- Implementation
- Policies & Procedures Development
- Security Awareness.
- Certification.
Hiring resident engineer
- Hardware and software recommendation
SOC Maturity Assessment
- Developing SIEM solution use-cases
- Developing SOC Framework document
- Incident handling and response
- Malware analysis and disinfection
- Monthly, quarterly, and annual reports
- Prioritization of critical incidents and recommendations
- Risk analysis.
Our SOC is known with
- Effective detection ( I prefer to remove)
- Enable information security functions to:
- Respond faster
- Work more collaboratively
- Share knowledge more effectively
Governance Services
- Gap Analysis against International & Local standards
- Policies & Procedures Development
- Implementation
Risk Assessment Services
- Risk Assessment
- Risk assessment for 3rd parties
- Risk profiling
Compliance Services
- Comply with International and local standards
- ISO27001
- PCI DSS
Application Security
SDLC
-
covering End to End application security
-
provide consultation for in-house developed applications
-
SDLC Gap assessment
-
building SDLC framework
-
Threat Modeling
-
source Code Review
– Manual
– Automated -
Secure Development Training Our team is:
-
our security engineers have experienced software developers with code review certification from SANS
-
One of the Authors of OWASP Application threat modeling cheat sheets
Secure SDLC Training
- 4 Days
- Fully Practical, Demos and Case Studies
- Customized (ASP. Net. J2EE, PHP, C/C++, SAP ABAP)
- Application Security Tools Overview
- Secure coding best practices
We incubate your software from:
- Idea planning phase
- Implementation phase
- Deploying Security tests
- Assessments
Network Security Solutions
Network Security Solutions
DISCOVERY
Our Methodology will follow three phases:
Phase 1 – Logical Discovery
to cover all of the following technologies (Network, Network Security, Endpoint Security, Physical Security, etc).
Phase 2 – Physical Discovery
Physical inspection will be performed for each device and all Security Racks.
Phase 3 – Utilization Study
Our analysis and study of the current Security Devices utilization will help us to give accurate .recommendation for the new design
ANALYSIS
Our Methodology will follow three phases:
Phase 1 – Logical Design
We will provide logical topology for all security
devices, based on logical discovery.
Phase 2 –Physical Design
The physical diagram for all security devices and
port mapping, based on logical discovery.
Phase 3 – Traffic follows the analysis.
To optimize the migration process, we have to study
the Traffic follows each service end to end.
This helps us to provide an accurate migration plan.
Our Contact
Headquarters
Massera Elkobra Street, 1032721, off Elmoktar Street,
Tripoli, Libya
+218217132258
Branch
28 Rue Dahbagi 1001,
Tunis –Tunisia
+21671352124
Have any questions?
info-it@tamkin.ly