It is hard to imagine today's business without information technology and big data of various types: internal critical information, clients' and partners' information.
The level of security a company can maintain for such information has a direct impact on its competitive strengths and bottom line.
The range of information security challenges is constantly increasing and includes both internal threats, such as data losses from users and misuse of information and processing tools, and external ones, such as competitive intelligence and interception of information transferred via insecure channels.
Adoption of a comprehensive information security management system embracing organizational and technological information security safeguards and controls will ensure an adequate level of data protection in the organization.
Our services are designed to enable you to make sure at any time that your information security management system is effective, and to correct any deviations and non-conformities in a timely manner.
Our information security services include:
As part of this service, our experts audit the customer's information management and security system for compliance with applicable information security requirements.
The following requirements can be included in the audit scope:
The gap analysis is strongly recommended if:
The gap analysis enables you to define your current level of compliance with relevant requirements and benefit from its findings by making a plan of actions to meet the applicable set of standards.
The gap analysis procedure comprises the following steps:
ISO/IEC 27001:2013 is a de facto standard in information security management. Its requirements can be applied by any organization regardless of its industry, business area or the technology it uses.
The adoption of an information security management system compliant with ISO/IEC 27001:2013 makes it possible to:
The ISO/IEC 27001:2013 certification is strongly recommended if:
We offer certification audit services for compliance with ISO/IEC 27001:2013 requirements. Further information is available in the ISO 27001 CERTIFICATION section.
Further information about our information security training is available on the Our Training Courses web page.
Information security risk management is a core process within the information security management system. Sitting at the interface of the two tiers of information security management, strategic and tactical, this process bridges the business decision-making level with the information security level, and enables you to:
The procedure for identification and assessment of information security risks involves:
We provide instrumental vulnerability analysis and penetration testing services. These services may include both internal and external scanning and penetration tests.
These services are based on the world's best practices for work of this kind, including methodologies such as OSSTMM v3.0 and OWASP Testing Guide v3.