Consulting Services

ToBe Security company is specialized in offering a variety of consulting services which gathering to total solution to the customer needs.
Those services, build to the customer alignment of information security, enables the customer to cope with the existing threats and to deal with future threats.
The attached list describes the variety of services ToBe security offers to its customers:

Infrastructure range

• Infrastructure risk survey and penetration test.
• Operating System security test.
• Data base information security test.
• Web servers information security test.
• Network topology and architecture test.
• PKI solutions.
• Wireless solutions.
• Log analysis.
• Social Enginnering Evaluation.

Information security management

• Writing and assimilating an information security policy.
• Writing and assimilating information security procedures and standards.
• Assimilating of standards like BS7799.
• Organization escorting for regulation demand.
• Risk analysis.
• Risk management.
• Information security professional courses.

Application range

• Application level penetration test and risk survey.
• Threat Modeling.
• Support over develop process.
• Information security in the development and implementation .NET applications.
• Code review.

Penetration Tests Services

Organizations are exposed to risks when utilizing communications and computing systems to share information and communicate internally and externally. These risks are not static but rapidly changing due to a number of factors, namely: ongoing discovery of weaknesses or vulnerabilities in current systems, acquisition of new systems with inherent vulnerabilities, increase in the sophistication of attackers and threats, increase in the speed of threats (such as worms) and increase in the amount of “assets” available on the global Internet. For all these
reasons organizations need to “assess” their risk on the on-going basis with a frequency which depends on the nature of the business and the level of exposure ranging from monthly testing and or evaluations to quarterly or yearly in the most relaxed cases.

The objective is to reproduce the way that a hacker would approach the goal of penetration of the organization from the Internet as well as from inside by using skills, methods and technologies considered best-practices as well as those used by hackers.

The project deliverable is a comprehensive report outlining the level of risk, detailed of findings and recommendations for reducing the risk and presented at both executive level of management as well as the technical staff.

ToBe Security ’s approach to security assessments is to organize them along the lines of an information-security risk management model. Under this model and in order to establish the “Risk” to which an organization is exposed, there are a number of elements that have to be identified, namely: Vulnerabilities, Threats, Assets, Impact and Costs. With these elements a determination of risk can be done quantitatively along with the cost to reduce the risk to protect the assets and the impact to the organization if these assets where to be compromised.

ToBe Security has packaged its vulnerability assessments as:

1.External Security Assessment: Where the vulnerabilities are identified
from outside of the organization.

2.Internal Security Assessment: Where the vulnerabilities are identified from
within the organization.

3.Wireless Security Assessment: Which can also be a part of the Internal Security Assessmen and is intended to identify vulnerabilities of the wireless infrastructure.

4.Web Security Assessment: to identify vulnerabilities of the web
application server/services.

Education Services

ToBe Security offers a two days course, designed for system administrators and information security professionals, which explores complex security issues and teaches hacking tools, the hacker mind, how to address security issues in the company when they occur and how to insident response.