The area of Enterprise Risk Management Consulting performs the functions of Security, Audit, Certification and Support Generation Regulatory Body, which are specified in Security Plans to ISO / IEC 27001, Business Continuity Plans (BCP and DRP) based on ISO 215999 and ISO 22301, Protection of Personal Data (LOPD / RMS LFPD Spain and Mexico), National Security Framework on RD 3/2010 and corrections March 11, 2010 CCN-STIC-802 and 808 and Protection Critical Infrastructure Act 8/2011 and RD 704/2011, Operator Security Plan (OSP) and Specific Protection Plan (EPP).
The Technical Audit Department audits Ethical Hacking and Network Security as OSSTMM white box and safety audits web applications and static code as OWASP methodology. Also complements the marketing of type Web Application Firewall (WAF), Intrusion Detection (IDS / IPS), Malware Protection Network and SCADA environments,
Forensics and supported on the expertise and assistance in the application and the corresponding trial.
The Security Operation Center is the center of deploying and supporting countermeasures based on security systems products from leading manufacturers of the market, including firewall, IPSec VPNs and VPN, gateway antivirus, position and DLP incident management platforms , monitoring systems...
The SOC performing preventive maintenance, corrective and evolutionary about supported platforms and can scale to support processes integral customer security in a wide spectrum that ranges from basic maintenance support until full function Outsourcing Security client.
The management area VASS Group identities can meet the needs of identification, authentication and authorization for access of user groups to resources. Includes solutions (both open source and commercial) Single Sign On for Desktop, WebSingle Sign On LDAPv3 Virtual Directories for authentication to deployment Metadirectory and Identity federation. It is also responsible for the homogenisation consultancies and Active Directory OU structure LDAP tree. It also performs consulting design and subsequent implementation of projects and life cycle management of certificates in a PKI, HSM devices and platforms looking strong authentication token-based OTP single use.
The area of Corporate Intelligence performs the most diverse projects, including:
Design and implementation (through platforms, staff and a group of analysts) of Corporate Intelligence built on the client, which allows the decision maker to provide analysis of the elements necessary for making decisions based on priority intelligence requirements established by management.
Implementing an Integrated Management System based on ISO 31000 Risk and Technological Surveillance System based on ISO 16606, which include the integration of physical security, logical security, Safety Management System of Information, personnel safety, environmental, risk prevention and Corporate Intelligence..
Deploying a Predictive Intelligence module, which determines the inference of future behavior patterns based on analysis of historical transaction data (in batch or real time). The vertical implementation so far are the adaptation to Basel II and Solvency II, indicators of banking and insurance fraud in money laundering, predictive risk maps in Smartcities Public Safety (Police, Civil Protection, Fire Fighting and Health Care) , prediction of changes in assessed values and real estate, from Botnets cyberattack patterns, risk hypotheses based strategic processes OSINT and social media monitoring, competitive intelligence and market analysis, etc..
The Training Business Unit has an important synergy with the Business Unit Corporate Intelligence and Security, which has taken shape over the last four years in teaching and training in safety training, both private and public sector including the Security Forces of the State. Prominent among them the training in Wen Penetration Testing, Ethical Hacking Forensic Expertise Network and also those related to Corporate Intelligence and Technology Watch. Finally, VASS has multiple agreements for the provision of formal training for technology manufacturer that distributes and implements, as well as courses organized ad-hoc, based on the needs expressed.