GRC & Assurance

External & Internal Penetration Test

ADACOM has an extensive experience in External and Internal Penetration Testing. By using a combination of automated sweeps and detailed manual test steps along with information provided by the Client about the target environment, ADACOM reviews and validates scanning results and executes additional advanced tests to identify obscure vulnerabilities that the automated scans may have overlooked.

Social Engineering

Social engineering is the practice of obtaining confidential or sensitive information via manipulation of legitimate users. A social engineer will commonly use the telephone, email, or internet to trick employees into revealing information, thereby circumventing established security controls. ADACOM’s Social Engineering Assessment determines an organization‘s susceptibility to a variety of Social Engineering scenarios. It complements other assessment activities in providing the organization with a third party review of its overall security posture and employee adherence to established security policies.

Social engineering is used in the context of achieving access through defined vector of attack. Any attempt at social engineering will be recorded and all recordings (audio, text, video, depending on the type of social engineering) are submitted to the client as part of an audit trail.

Our Social Engineering Assessment is based on the following steps:


GDPR Readiness Assessment

General Data Protection Regulation (GDPR) Readiness Assessment will is a tailor-made approach for each enterprise customer and is based on the following four (4) steps of the Personal Data Lifecycle.

Our methodology includes questionnaire-based workshops to gather evidence on the current maturity level, which document the records of activities of the organization. These workshops will focus on each separate phase of “Personal Data Lifecycle”. Our methodology provides a complete and detailed analysis of GDPR requirements, and allows the collection and documentation of the results in centralized database.

Remediation Actions

Finally, a detailed list of remediation actions are presented, based upon the findings of the aforementioned questionnaire. The countermeasures will be categorized into the following 13 categories:

  • Maintain Governance Structure
  • Maintain Personal Data Inventory
  • Maintain Data Privacy Policy
  • Embed Data Privacy Into Operations
  • Maintain Training and Awareness Program
  • Manage Information Security Risk
  • Manage Third-Party Risk
  • Maintain Notices
  • Respond to Requests and Complaints from Individuals
  • Monitor for New Operational Practices
  • Maintain Data Privacy Breach Management Program
  • Monitor Data Handling Practices
  • Track External Criteria

GDPR Data Discovery Service

The GDPR requires us to be able to identify and protect data wherever we own it. In addition, we’re responsible for the accuracy of the data we hold, and legacy data is often a prime candidate for housing out-of-date information. Being governed by the GDPR means that you need to make reasonable efforts to safeguard all EU citizen data. In addition, if users request to remove their data, we have to be able to ensure that the request has been completed.

ADACOM GDPR Data Discovery & Classification Service quickly identifies, validates and discovers exposed personal data wherever it is stored with the broadest coverage of enterprise data repositories including file servers, databases, document and records management, email repositories, and web content and applications.


  • Gain visibility into where personal data is stored
  • Automatically identify owners of personal data
  • Get results quickly with minimal network impact
  • Reduce proliferation of personal data
  • Validate the classification of personal Data

Use cases

  • Create an inventory of all your personal data
  • Identify high risk systems and prioritize data clean up
  • Demonstrate regulatory compliance, particularly with the GDPR




Security Assessment and Gap Analysis

The main objective of the Security Assessment and Gap Analysis is to identify the current security posture of the Client Operations vs. a predefined standard,  and provide recommendations for improvement, which allows the organization to reach a security goal that mitigates the risk. In order to achieve this scope the IT Security Assessment consists of the following sections:

In order to understand the current stage of Information Security Policies and Procedures ADACOM’s team reviews all related documentation that will provide the information necessary to perform the gap analysis.

Review existing information Security Policies and Procedures: review all related documentation that will provide the information necessary to perform the gap analysis.

Identify gaps against the predefined controls: evaluate the state of readiness according to the prefefined standard.

More Specifically the Gap Analysis is split comprised of the following phases:

  • Policy And Procedures Review
  • Policy And Procedures Validation
  • Gap Measurement
  • Gap Reporting / Visualization

At the end of the Security Assessment and Gap Analysis service the Client will be able to understand the gap between the current and desired state of the control practices. This is a key input for providing a “Prioritized Roadmap” (Gap Remediation Plan).

Threat Analysis, Business Impact Analysis and Risk Assessment

ADACOM performs Business Impact Analysis process based on good practices and international standards. The said process allows the organization to identify and prioritize system components by correlating them to the mission/business process (es) the system supports and provide an insight on the consequences of a disruptive incident on the company.