Third party evaluation
Besides evaluating systems for
companies and government entities who use those
systems, ISE provides third-party evaluation of
systems that our customers are considering purchasing.
An excellent time to employ ISE is when taking
bids from multiple manufacturers. ISE's objective
and independent security evaluation can play a
large role in deciding which system to purchase.
Source code review
ISE's experts come from a rigorous
computer science background. We are trained in
just about every commercial programming language.
We offer full source code review and evaluation.
Among other things, our review includes identifying
critical sections of code, programming errors,
poor documentation, and misuse of cryptography.
We rely on manual inspection and professional
static checking tools. While no process is sure
to uncover all programming bugs, a system that
completes ISE's rigorous review is likely to be
much more secure than one that does not. For recurring
evaluations, once we familiarize ourselves with
the code base, future code reviews will take significantly
less time.
Cryptographic protocol and algorithm review
The computer scientists at ISE
have an in-depth understanding of cryptographic
protocols and algorithms. We recommend using established
standards whenever possible. In the unlikely event
that you need to design your own proprietary protocols
and algorithms, we can provide a security evaluation.
Design analysis
The experts at ISE analyze clients'
designs as part of the evaluation process. We
meet with the technical teams who produced the
designs, as well as the operational team who run
the system. Our analysis includes a comprehensive
evaluation of all design documentation. Our goal
is to understand the motivations and constraints
in the design, and when appropriate to refine
the design to help produce a more secure system.
Attack simulation
It is not wise to actually
attack your own production systems to test their
security. Therefore, ISE will simulate an attack
by evaluating the system against potential attack
scenarios. We perform Design Red Teaming by simulating
attacks analytically. Attack simulation occurs
with respect to a particular threat model.
Services we do not provide:
Don't pay us to run Nessus
At ISE, we offer specialized expert
security services. Therefore, we do not perform
commodity services such as automated network
scans and firewall configuration.
Common Criteria
ISE also does not do Common Criteria
evaluation.
Life is too short.