Do you have difficulties in passing your requirements in information security by your employees? Is the number of incidents caused by the non-respect of your security procedures concerns you? Did these incidents impact your compliance with laws and regulations?

We propose to design and implement awareness campaigns on information security for employees to help them become aware of the concepts and best practices. Below a non-exhaustive overview of our services:

• Design and deployment of online campaigns of awareness of information security (see our offer outreach solutions)
• Design and deployment of security awareness campaigns based information-face awareness sessions (with training of trainers)
• Design and implementation of awareness campaigns on information security based workshops. This type of campaign follows a practical approach based on risk scenarios (simulation of security incidents management, demonstrations of computer attacks, etc.)
• Design and implementation of awareness campaigns on information security based on visuals (posters, pop-up messages, videos, animations, etc.)

As a PCI SSC QSA (Qualified Security Assessor), ATHENA TUNISIE supports your PCI DSS approach and offers the following services:

• PCI DSS Training:
  • Key Concepts
  • Requirements
  • Implementation of Recommendations
• Support in the scoping study and defining the scope of your PCI DSS certification project
• Support in PCI DSS compliance and maintaining of your certification:
  • Gaps identification
  • Policies and procedures development
  • Development of the technical specifications for the acquisition of compliance solutions
  • Implementation and test of compliance solutions
• Recurring Audits of your PCI DSS scope:
  • External Penetration Testing
  • Internal Penetration Testing
  • Internal vulnerability scans
  • Wireless access points detection and identification
  • Firewall and router rule sets review
• Mock Audit to prepare for PCI DSS certification
• Certification audit

Do you need information security specialized resources?

ATHENA offers you consultants who could reinforce your team and help you achieving your information security goals. Please feel free to fill in the form below with information about your need and your contact information.

• Education level
• Experience
• Certifications
• Requested competences
• Assignment localization

Please fill the form below

Are your IT investments creating value ? Are your business processes taking full advantage of the information technologies you are using ? Is your IT strategy aligned with your business strategy ?

Take advantage of our know-how in governance and strategy through the following services:

• IT governance diagnostic
• Implementation of IT governance best practices
• Development of the IT strategy
• Business Process Reengineering

In case of a disaster , would your business be recovered ? In how much time ? Are your potential losses estimated ?

In order to ensure the continuity / quick and efficient recovery of your business in case of a disaster, we offer you the following services :

• Development of your Business Continuity Plan (BCP) and/or Disaster Recovery Plan (DRP)
• Implementation of your BCP and/or DRP
• Evaluation of the BCP and/or DRP efficiency and adequacy with the context of your organization and the enforced regulations
• Optimization of the “Efficiency / Cost” rate of your BCP and/or DRP
• Disaster simulation

In case of a security incident or a cyber-attack , do you need to retrace what happened and know how to react ?

Our forensic analysis team addresses potential security incidents as well as malicious cyber-attacks via the following services :

• Trackback of the cyber-attack or the security incident
• Collection and preservation of relevant evidence
• Intruders identification
• Assessment of the damage extent
• Protection against attack renewal

Do you need a third-party independent, neutral and objective review and analysis of your technical and/or strategic choices related to your information security ?

We leverage our extensive knowledge of the IT security field to offer you the following services :

Consulting

• Development/review of security policies
• Risk Analysis
• Secure architecture design
• Technical and technological study
• Technical and technological advise
• Information Security Management System (ISMS) implementation assistance
• Chief Information Security Officer (CISO) assistance / coaching
• Project management assistance

What is the security level of your information system? Does it meet your business needs?

We propose to evaluate the security level of your Information system through customized audits that meet your business needs, your budget, and your technical and operational constraints.

Our audits can target technical, functional  and / or organizational components of your Information System.

Here are the various audits that we offer:

• External / Internal / WiFi Penetration Testing
• Application audit
• Source code audit
• Information Security Management audit
• ISMS mock audit

 Penetration Testing

Penetration Tests aims to simulate the behavior of hackers and to use their techniques to push a system / technology / application / person to its limits in order to discover vulnerabilities.
These are some examples of penetration tests we perform:

• External Penetration Testing (in blackbox)
• Internal Penetration Testing (scenario based )
• Application Penetration Testing (Web applications, mobile applications, etc)
• Social engineering (targeted attacks, phishing, phone calls, contact-making, etc.)
• WiFi networks Penetration Testing

The penetration tests are the most effective way to assess the solidity of your security measures against attacks.

Application audit

Application audits aim to assess the security of applications (web applications, mobile applications, etc.). During application audits we examine not only the audited application but also all its environment components:

• Web server
• Application server
• Database Server
• System Infrastructure supporting the application

The conduction of application audits is recommended before deploying applications in production environment. For in depth analysis of the security of your applications, application penetration testing and source code audit could also be integrated within the application audit.

Source Code audit

The source code audit allows you to check whether good coding practices have been respected during the applications development cycle. The audit of the source code is based on:

• Automated testing through source code scanners
• Manual source code review
• Application structure analysis

Information Security management audit

Information security management audit aims to enlighten you about:

• The application of your policies, procedures and security charters
• The compliance of your security documents (policies, procedures, etc.) with the best practices
• Your information security management improvement opportunities

Mock ISMS Audit

Mock ISMS audit is a requirement of the ISO / IEC 27001 and is part of its life cycle. It’s composed of the following elements:

• ISMS documentation review (security policies, procedures and guidelines, risk management documents, etc.)
• Identification of non-compliances related to the documentation
• Identification of non-compliances related to the implementation of the policies, procedures and guidelines of the ISMS.