BSM Better Security Management

Security Audit

Security audits and security testing

BSM is a Dutch company specialized in security audits and security tests. We have 15 years of experience and our auditors are certified. We use our own ICCM © methodology. This security audit method provides a quick and easy understanding of security weaknesses. The result of our work is a report that includes your maturity level and serves as a guide/roadmap to bring your security to a higher level.

ISO 27001

The ICCM © security audit was set up from the ISO 27000 standard and quality controls such as availability, confidentiality, integrity and accountability. During the ICCM © audit we assess technical aspects but also organizational aspects such as processes and procedures. The audit report gives you a clear and independent blueprint of the modifications needed for operational information security. Many standards, such as the ISO 27000/ISO 27001 standard, demand that you perform regular internal audits to validate the security measures and security levels. We will be the independent and trained professionals you need to get and maintain compliance with the ISO 27001 controls implemented in your organization.

Security testing: e-mail

Apart from internal audits based on ICCM, we also do a lot of operational security testing. We have built our own e-mail security testing suite that can test any e-mail chain anywhere in the world without the need to install software. Our toolset contains fake phishing mails to test your employees as well as your technical measures. We can adjust our test mails to see where and when they end up in a virus or spam filter, and with what settings the (spoofed) mails arrive at the desktop.

We can send a mail that appears to originate from you or your boss within 1 minute. Anyone receiving the mail will see your name, just as they would in a mail sent by hackers. If a link in the mail is clicked, we get an alert. In the second part of the mail we test whether the employee actually enters his/her password in the fake phishing attack. We get an alert that includes the first two characters of the real password; the rest of the password is stripped for security reasons.

Do you want to see this? We can do a free demo in your mailbox so you can see how it works.

Security testing: network, firewall and website

Just as with e-mail, we have a complete set of testing tools to check your internet connections, website, local network and WiFi network. The first two can be tested remotely; for LAN and WiFi we need to come on site. As long as travel expenses are paid beforehand, we travel to any location in the world to do the audits and tests.

If you are interested, also read about our Interim CISO / interim security management services and our penetration testing services.

Please contact us for more information about the audits or tests.