Information security
Velours supports its clients in protecting their assets and information to ensure Confidentiality, Integrity, and Availability through services at different levels. Our solutions cover projects of varying degrees of complexity, ranging from the mapping of specific processes and penetration testing to the full structuring or review of Information Security Management Systems (ISMS).
Our projects are designed to meet our clients’ needs while remaining aligned with their operational realities and level of maturity in Information Security.
Our work follows best practices from international frameworks, primarily the ISO/IEC 27000 series and NIST cybersecurity standards.
| INFORMATION SECURITY WORKSTREAMS
Tools and Technologies
Our work includes the assessment and audit of implemented tools and technologies, configuration reviews, and related activities. Within ISMS structuring projects, we also support our clients in selecting the most appropriate solutions to meet their needs.
Processes, Standards, and Policies
As part of our engagements, we assess and review standards and policies that contribute to information security. We support organizations in adopting best practices and addressing existing gaps. In terms of data protection and privacy, we also assist our clients in their compliance efforts with LGPD.
Our projects also address the human factor in Information Security. We organize awareness training and conferences, conduct phishing campaigns, interview employees to verify real-world information handling practices, and work on issues related to insider threats.
People
| CASE STUDY
A multinational industrial company engaged us to assess the maturity of its Information Security program in Brazil. To carry out this project, we verified the Brazilian subsidiary’s adherence to the global standards defined by the parent company by evaluating its infrastructure, appliance configurations, network devices, and endpoints.
We also conducted interviews with key personnel to assess compliance with the group’s information security policies. Finally, we conducted a physical security assessment of the subsidiary’s data center, using Red Team techniques to demonstrate how certain controls could be bypassed and to identify the improvements that needed to be implemented.
Speak with our Risk Management and Strategic Intelligence specialists.
Get in touch and conduct your business with complete peace of mind.