Consulting has become essential in every branch of business management in order to ensure compliance with national and European regulations, which are constantly changing to keep pace with developments in the business and technology sectors. It follows that consulting must also cover cyber security, which is fundamental to the IT sector and an integral part of how a company functions, whatever its size.
In a company that has so far based all its development on the correct structuring of processes, IT security can no longer be equated solely with implementing technologies and solutions designed to protect the company's IT infrastructure. The change of mindset required lies in a willingness to work on the organization as a whole, on its processes, and on the creation of company policies that are truly integrated into every element of information security.
To this end, a specific methodology is needed which, in line with the most recent regulations and the recently issued ISO technical standards, proceeds from identifying the problem to evaluating the best solution and the valid remedies that prevent similar issues from recurring.
In this regard, OSSTMM (Open Source Security Testing Methodology Manual) can be identified as a reference methodology for carrying out security assessment activities. It uses a series of best practices, developed by volunteers all over the world, to evaluate consistently and repeatably the intrinsic security level of a specific system, network, architecture or context under attack.
Within the concept of Security Advisory, we can therefore identify, among others, three specific macro areas of intervention: