Strengthen your IT security over a longer period of time through guaranteed access to our team of experts for virtual security officer services or for specific IT security tasks.
Secure timely access to our pool of information and IT security experts
Having experienced security specialists at your disposal at the right time can be a challenge.
We give you the option of privileged access to our expert team when and where you need it, whether you need a dedicated or virtual security officer (full or part time) to bridge a vacant position, have to carry out penetration tests on a regular basis, write up information security policies, develop exploits, want implementation guidance or need to handle IT forensics cases.
To address these issues and meet your specific needs, Oneconsult offers various tried and tested service packages.
- Privileged treatment
- Guaranteed access to expert pool
- Simplified handling of projects
- Dedicated single point of contact
- Customized service packages
- Discounted pricing
We offer basic and advanced service packages. The basic security service package covers the most common information and IT security tasks such as technical security audits, policy write-up, concept reviews, security awareness, etc. Advanced security service packages cover specialized services which require highly sophisticated skills and (certified) tools.
Depending on the project task, we assign appropriate personnel from our team of security experts and give you VIP treatment in resource planning. You will get a dedicated single point of contact who takes care of your requests, ensuring efficient and smooth project management.
You will receive monthly reports on the used and remaining days of your security service package. Pricing of service packages depends on the package type, the agreed number of man-days per year and the preferred payment option (advance or monthly payment).
We offer the following security service packages:
The basic security service package provides those responsible for security, such as the CIO, CRO, CISO and CSO, with a flexible, expert workforce covering activities such as:
The digital forensics service package is an advanced service offering and provides you with fast access to our certified forensic security experts in cases such as data theft, fraud, malware infection, hacker attack, etc. Activities include:
- Forensic data acquisition
- Forensic investigation
- Forensic consulting and customized training
A visual demonstration of the effect of vulnerable applications and systems can often be an eye-opener for decision makers and increase security awareness in your organization.
Working with malicious exploits is often forbidden by internal policies and usually unsuitable given the potential risk of contamination. Oneconsult develops customized PoC exploitation software. These exploits do not have a malicious payload and may therefore be used as a proof of concept without harm to the systems or applications concerned.
In the exploit development package we develop exploits based on your specific requirements.
Security Officer Services Expertise
Since 2003 our certified security auditors have conducted more than 1200 penetration test projects (850 of which OSSTMM-compliant) as well as over 150 standard-based security audits, and have supported more than 40 organizations in developing security policies and guidelines. Furthermore, our team has carried out over 200 digital forensics projects.
Over a dozen companies and international groups already make use of the security service packages and regularly renew them. Our clients value us as a reliable, trustworthy and professional IT security partner.
For definitions of information and IT security terms please refer to our glossary.
A code injection vulnerability is about injecting program code into an application, which is then integrated and executed by the application. Depending on the type of vulnerability an attacker may manipulate the behavior of the application and inject program code, which may lead to a complete takeover of the system. Code injection is one of the most extensive and multi-faceted topics in the field of web security and provides many possibilities: SQL injection, Web script injection, OS command injection, SOAP injection, JSON injection, XPATH injection, etc.
ISO 27001 is a standard of the International Organization for Standardization. It describes the requirements for an Information Security Management System (ISMS) and is comparable to other ISO management systems like ISO 9001 (quality management). ISO 27001 is the only standard of the ISO 2700X family for which a certification can be obtained. Annex A of the standard lists information security controls, which are further described in ISO 27002. ISO 27001 and ISO 27002 look at information security as a whole and do not only cover IT security, but also additional aspects such as physical security.
Incident response is the reaction of an organization to an incident (see also security incident). Usually, this includes the correction of any damage which may have been caused as well as the definition and implementation of preventive measures to keep the same or a similar incident from happening again.
Least Privilege Principle
The Least Privilege Principle requires that a user, software component or other entity is given only the rights that are absolutely necessary to fulfill its purpose.
Information Security Policy
The information security policy constitutes the highest level of all security policies. According to ISO/IEC 27000, a policy describes the "intentions and direction of an organization as formally expressed by its top management". The information security policy (according to ISO/IEC 27001) must support the purpose of the organization and should either include security objectives or provide a framework for establishing these objectives. Furthermore, it must make a commitment to the continual improvement of the ISMS (information security management system). According to the best practices of ISO/IEC 27002, the information security policy should define information security, describe principles for activities relating to information security and contain statements regarding the assignment of responsibilities as well as the handling of deviations and exceptions.