Kimmo Huosionmaa
When people come to certify a company, they normally show who they really are. They represent their companies or other organizations, and they prove that position with an identification card. They go around the workgroup and talk with the people. The mission of those consultants is to get all the information about their target organization and to find its weaknesses. This is what real consultants do in real life.
They don’t hide behind code names, or if they use a code name, the organization’s contact information and homepage can be found in a public place. When we are talking about security checks, we must realize that no firm in the world relies on one source. They also use official members, who have identification cards, and stealth operators, who work invisibly. The mission of that arrangement is to ensure that the persons who authorize certificates get the right information about the target organization. Security personnel must also patrol the area, both physically and with electronic equipment. That is called “offensive security”. The security personnel want to patrol their workspace all the time and make sudden tests of how security works in the company.
That is important when certifications are given for training or educational purposes. There is a risk that those companies just take the money and don’t provide any education. That might cause trust in that certificate and in those systems to decrease. Educational certificates are normally given for some specific system, and they are controlled by the organization that delivers the system. If those systems don't work well, the result might be devastating for that organization’s business. Here we must say that the golden rule of security analysis is “the quieter you become, the more you are able to hear and see”. That motto is from the Kali Linux homepage.
That is because if there are some problems, those people can contact their boss to inform that person of them. And of course, they will say so if something disturbs them. They don’t call the target organization a couple of days later and tell people that somebody disturbed them when they wanted to speak with senior specialists. Also, the report that those people make is always public, or at least there are a couple of words to say about it. The target organization’s chief normally mentions what kind of picture they got from the organization and its workers.
Sometimes there are so-called fake certificate makers, who are possibly unemployed persons from another country. They think that if a person comes from another country and speaks foreign languages, the target organization will not doubt them. That is the legendary trick that is used in industrial spying and in stealing information. That’s why the companies that offer that kind of service must have strong background checks, and they must show their authority for the certificate.
A couple of persons from the United States come to the workplace, take photographs and collect information about the target organization. Then, when the report is awaited, it does not come on time, and after a complaint it turns out that no such company even exists. That is the lesson that everybody must always remember when someone comes to certify the company.