InTheCyber // metodo difensivo
InTheCyber // metodo offensivo
 
metodo difensivo

D.07

Countermeasure Optimizations

Where remediation and best practices cannot be directly implemented due to infrastructural limits, an unconventional but still effective remediation plan is provided, tailored to Customer’s need.

 
metodo difensivo

D.06

Special Projects

Thanks to its long-time experience, InTheCyber identifies specific solutions and technologies, based on the Customer’s infrastructure.

ITC constantly monitors design processes and implementation of the technologies under consideration.

 
metodo difensivo

D.05

Vertical Application Review

Any application which is critical to the Customer’s business but do not fall within the scope of G.A.T.E. Analysis, is subjected to a security analysis based on the previous knowledge of source code and on the application owners’ support.

 
metodo difensivo

D.04

I-SOC

The conventional vision of SOCs as incident control and response infrastructures is no longer adequate. It is necessary to identify attacks before they occur and, in order to do so, a constant and effective cyber intelligence activity is essential. Therefore, InTheCyber offers an intelligence-driven SOC (I-SOC) outsourced service. In addition to the usual event monitoring, it includes underground monitoring activities aimed at immediately identifying any threat to the Customer’s security, such as being singled out for attention by Cybercrime or hacktivist crews.

Alternatively, InTheCyber provides Companies with support in the creation and improvement of in-house I-SOC.

 
metodo difensivo

D.03

Incident Handling and Forensic

Analysis and assessment of security incidents aimed at listing in detail the reconnaissance activities performed by the attacker before the intrusion, followed by the identification of the active attack phases. Identification of every action that could have led to a data exfiltration from the Customer’s infrastructure.

Moreover, evidences of any security incident/virus/malware affecting one or more machines can be unequivocally collected through forensic analysis.

 
metodo difensivo

D.02

Alpha-Omega Hardening

The Alpha-Omega Hardening is a comprehensive and dynamic process aimed at ensuring systems security, paying special attention to client-server interaction.

 
metodo difensivo

D.01

G.A.T.E.

The configurations of the security devices installed in the Company’s infrastructure are gathered and analyzed in order to identify any overlooked security feature or potential misconfiguration that may lead to security vulnerabilities.

 
metodo offensivo

O.01

External & Internal Vulnerability Assessment

The External & Internal Vulnerability Assessment activity is aimed at identifying potential vulnerabilities in the Customer’s perimeter or internal network.

 
metodo offensivo

O.02

Mobile

Identification of mobile applications vulnerabilities. These are subjected to static and dynamic analysis aimed at finding critical issues that compromise the security of the final user and/or the company’s server with which the application communicates.

 

O.02.1 Web

 

Identification of web applications vulnerabilities. This completely black box activity involves an initial automatic test followed by a substantial manual activity, which is predominant.
In this way it is possible to identify both OWASP Top 10 vulnerabilities and non-standard weaknesses, intrinsic to the application logic.

 

O.02.2 Internal Penetration Test

 

The Internal Penetration Test activity consists in assessing the risks faced by the Company in the event of an internal threat, thus verifying the Company’s degree of resilience to insiders.

 
metodo offensivo

O.03

ICS/SCADA Pentest

Assessment and Penetration Testing in industrial environments. The activity is aimed at finding any potential cyber system weakness that can compromise the proper functioning of industrial plants.

 
metodo offensivo

O.04

Social Engineering campaign

Simulated attacks targeting the human element in order to enhance employees’ security-awareness. The activity includes different types of attack, from phishing (both massive and targeted) to phone pretexting.

 
metodo offensivo

O.05

Blue Team empowerment

Blue Team Empowerment consists in a set of tests specifically crafted by ITC’s Red Team to verify and improve assigned staff’s skills and promptness in contrasting cyber intrusion attempts.

 
metodo offensivo

O.06

Real life attack simulation

The activity consists in adopting the point of view of an attacker, whether they are a cybercriminal or a member of hacktivist associations, whose objective it the intrusion into the Company’s network, exploiting the weakest link.

 
metodo offensivo

O.07

Industrial espionage campaign

The Industrial Espionage Campaign activity is aimed at reaching a level even higher than Real Life Attack Simulation, assessing the possibility to have access to highly sensitive data and to steal them without being identified by the team in charge of the Customer’s company security.

 
 
 
 

L'etica della reciprocità o regola d'oro [ regola aurea ] è un valore morale fondamentale che "si riferisce all'equilibrio in un sistema interattivo tale che ciascuna parte ha diritti e doveri; la norma secondaria della complementarità afferma che i diritti di ciascuno sono un dovere per l'altro". Essenzialmente si tratta di un codice etico in base al quale ciascuno ha diritto a un trattamento giusto e il dovere e la responsabilità di assicurare la giustizia agli altri. L'etica della reciprocità tra individui è il fondamento della dignità, della convivenza pacifica, della legittimità, della giustizia, del riconoscimento e del rispetto tra individui, delle religioni civili. La reciprocità è la base essenziale per il moderno concetto di diritti umani. La "reciprocità" sintetizza con viva autenticità in sé le parole "libertà" e "uguaglianza".

Le dottrine sulla libertà considerano l'etica della reciprocità tra individui un fondamento ovvio. Ogni ingiustizia avrebbe origine da qualche precisa violazione del Principio di Reciprocità tra individui. Secondo l'antropologia, l'etica della reciprocità è l'unica regola universalmente accettata, pur con notevoli varianti. La regola d'oro ha radici in molte culture diverse. Importanti filosofi e personaggi religiosi l'hanno formulata in modi diversi. Spesso si distingue fra la sua forma positiva ("Fai agli altri quello che vorresti fosse fatto a te") e quella negativa ("Non fare agli altri quello che non vorresti fosse fatto a te"), meno esigente e perciò detta anche "regola d'argento". Un elemento chiave della regola è che chi cerca di vivere in base ad essa dovrebbe trattare con rispetto tutte le persone e non solo i membri della propria comunità di appartenenza, come purtroppo è spesso avvenuto storicamente.