WNCS

• Home
• About Company
• Our Team
• Services
• Supply vehicles
• Contact Us

Services

Threat Risk Assessments (TRA) & Certification and Accreditation Services

WNCS has experience performing TRAs using both federal and provincial TRA methodologies. For federal clients we use the RCMP/CSE HTRA methodology as published on the RCMP website. For Ontario provincial clients we use the current MGS TRA methodology which was developed from the RCMP and CSE methodologies.

For banking and other private sector clients, WNCS will use the Harmonized TRA methodology, and will customized the threat scenarios to the specific private sector industry.

WNCS consultants are registered in the Cyber Protection Supply Arrangement program through an affiliated partner and hold certifications as WS3 Senior TRA Analysts.

WNCS consultants are also registered in the Ministry of Government Services TRA program through Corporate Security Branch.

Security Architecture Review

WNCS provides impartial 3rd party security architecture review for organizations. Security architecture review can be performed on all widely deployed IT platforms, and can involve review of infrastructure and applications.

Application Security Assessments

Internally developed applications are code reviewed for security vulnerabilities such as buffer overflows, race conditions, data validation and other common problems. 3rd party applications or COTS products can be evaluated in our lab prior to installing in your production environment to insure the product does not contain spyware or other “unadvertised” features.

WNCS will work with your organization’s IT support and/or IT Security department to validate software against any existing organizational security policies, and assist your IT support personnel to accredit the software for your environment.

Penetration Testing

WNCS can provide both IT and physical security penetration testing. Our penetration test methodology is more thorough than simple automated scans using tools like NESSUS or Retina. Our security and infiltration specialists will model the behaviour of the emulated threat agent, whether that is an unknown hacker, a trusted insider, or a non-privileged internal person. Common IT penetration tests include .NET and JAVA applications, VPN and remote access solutions, wireless networks, and financial transaction systems. Common physical penetrations include VIP quarters, secured office floors, CEO’s office and boardrooms, designated or classified facilities.

Voice Over IP (VoIP) Consulting

With the recent deployment of an asterisk based solution, we have opened our VoIP services practice. Our consultants will help you design and build a VoIP infrastructure. We can also help clients develop a business case for migrating to VoIP. In our own VoIP deployment WNCS has saved 85% off of our re-occurring monthly telco expenses.

Policy and Security Governance

WNCS has provided security governance for multiple large private and public sector clients. Security policy development, review or refresh. WNCS has provided gap analysis for organizations who wish to compare their existing environment against BS7799 and COBIT/COSO.

Privacy Impact Assessments

WNCS uses the latest privacy impact assessment methodology from the Ministry of Government Services for provincial and municipal PIA work. Our consultants will prepare a thorough conceptual, logical or physical PIA depending on the current status of the project under review. We have experience with FIPPA, MFIPPA, PHIPA and PIPEDA compliance review.

IT Forensics

We have certified IT forensic examiners available to assist your organization deal with post-breach evidence collection and preservation. Our consultants have experience dealing with large loss events in excess of $2M, and we can testify in court should the client wish to pursue legal options.