P & P INVESTIGAZIONI S.r.l. is an agency properly authorized by the Home Office with the issue of the prefect’s license according to art. 134 under the Consolidated Act Of Public Safety Laws, in Italian "Testo Unico Legge Pubblica Sicurezza" (R.D. 18th of June 1931 n. 773) for the activity of investigations, information and research on behalf of natural person and legal person all over the country and abroad.
The Data & Network Security Department of P & P INVESTIGAZIONI S.r.l. is committed to fight the cyber crime and to give its own assistance not only in support to the activities of the police forces but also in aid of the companies.
The attention towards the Cyber Security is in great expansion, since it is nowadays impossible to protect the company’s activities without the support of information systems, by now an essential instrument within the production processes of companies.
For this reason it is necessary to identify of professionals that protects from the cyber attacks that could seriously put in danger the most important assets, your Know How.
Through the Data & Network Security Department of P & P INVESTIGAZIONI S.r.l. it is possible to detect the degree of vulnerability of Your systems and to identify, after an a accurate diagnostic analysis, the suitable interventions for the safety regulations of your computer property.
Security Assessment Service of a system or a network, by the simulation of a threat agent attack
non-invasive activities to evaluate the effectiveness and the degree of strength of the your company's security systems, identifying vulnerabilities
In the provision of services, the Digital Security Department of P & P INVESTIGAZIONI S.r.l. adheres to the basic benchmarks on the market:
Is the unique international standard subjected to control and certifiable that defines the requirements for a ISMS (Information Security Management System), designed to guarantee the selection of appropriate and proportionate safeguards.
In order to protect the security of your company it is necessary to put in place several cyclical processes, that can be summarised in this way:
Finally we point out that in order that the mechanism, just now described, is valid, it is necessary its repetition over time; only in this way it is possible to guarantee a degree of stability and reliability to the safeguards of your IT infrastructure.
The OSSTMM (Open Source Security Testing Methodology Manual, pronounced as "awstem") is a certification supplied by ISECOM (Institute for Security and Open Methodologies), International Community of research and collaboration on the Security, founded in January 2001. It is a methodological approach of peer-reviewed, used within the field of IT security systems, that foresees the fulfilment of security and analysis tests on infrastructures and IT assets, that are expressed in proved facts; these facts supply useful information that could improve, in terms of measurability, the operative security.
The use of the standard OSSTMM, with due regard to the legislation, consents to obtain reliable and repeatable results and to understand which countermeasures should be adopted, how much the system object of the analysis is subjected to possible aggressions, and so in which way it is possible to achieve the highest possible level of security.
The OWASP Testing Guide è is a framework for the test of the application and network infrastructure security, developed by OWASP (Open Web application Security Project), a not-for-profit Foundation, that focused its activities on the production of resources, articles and materials related to many problems directly connected to the application security.
OWASP has drawn up a list of the threats to the security considered mainly critical:
The methodology MAGERIT (in english Methodology of Analysis and risk management of information systems), developed by the Spanish Government since the ’97 and today adopted globally, offers the following aims:
The Data & Network Security Department of P & P INVESTIGAZIONI S.r.l. pursues its professional activity in the most obsequious respect of the following legislative frames of reference:
The Data & Network Security Department of P & P INVESTIGAZIONI S.r.l. guarantees the training of experts specialised in the Security Field, through the organisation of courses on that subject.
In the specific, there will be organised course of Offensive, in which there will be described the techniques suitable to violate and/or damage the operating system, and course of Defence, based, instead, on the processes of safeguard of them.
At the end of each course, structured in theory and practise, the participants will have to pass some tests and after that they will receive the related Certificate of Participation.
The Data & Network Security Department of P & P INVESTIGAZIONI S.r.l. has at its disposal highly specialised experts, in possession of several awards and certifications in the field of the security assessment, attesting qualifications of technical professionalism as well as the ethic importance of them:
This figure has technical and organizational experience in the security industry of at least 5 years, and therefore has the necessary requirements to identify the work activities and plan the strategies that customer needs.
He knows exactly the services of security and the procedures adoptable for the resolution of each single problem on security; because of such competences and of its constant being updated, he is so able to intervene in an active way in training and research activities.
This figure can boast of a 5 years technical-organisational experience, in the security field and therefore has the necessary requirements to identify the activity of work and to plan the strategies that the Customer requires.
With 2 years technical-organisational experience in the security field, the Security Expert offers consultancy and assistance on that subject, in support of the work of the Security Advisor. He is regularly involved in activity of updating and research.