CYBER SECURITY

In the area of Cyber Security, thanks to our experts and the use of the latest technologies, we limit cyber threats and keep your data and your IT system safe.

CONSULTING

INFORMATION SECURITY CONSULTING (DESIGN & TECHNOLOGY)

Consultancy in the design, implementation, adoption and implementation of business and IT processes
Identification of requirements, areas for improvement at the level of people, processes and technology
Preparation and implementation of improvement programs, optimization of people, processes and technologies
Consultancy services for the implementation of quality management systems

INFORMATION SECURITY

SECURITY STRATEGIES, POLICIES AND SYSTEMS FOR MANAGING INFORMATION SECURITY

Risk analysis and definition of acceptable risk levels
Identification of measures to minimize the risk at the desired level
Implementation of processes and tools for secure management of user data
Verification of compliance with sectoral legislation
Management and control of information security processes

BUSINESS CONTINUITY

BUSINESS CONTINUITY CONSULTING

Analysis of the situation and identification of key business processes
Conducting business impact analysis (BIA) and risk analysis (RA)
Preparation of Business Continuity strategy
Preparation of Business Continuity plans (emergency response, alternative procedures, recovery, crisis communication, crisis management, etc …)
Testing Business Continuity plans
Periodic review of plans
Trainings and awareness raising for employees(information security awareness )

PRIVACY

COMPLIANCE ANALYSIS, GAP ANALYSIS, PRIVACY IMPACT ASSESSMENTS

Preparatory workshops
Identification of the data repositories
Identification of threats and risk levels (GDPR)
Privacy impact assessment (PIA)
Definition of data protection strategies
Establishing data management processes
Definition of incident response procedures
Definition of incident management procedures
Optimization of activities and processes
Conducting audits and reporting
Conformity assessment
Trainings

SIEM

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

Design and implementation of SIEM solutions for „on premise“ business / operating model
Information Security management services in outsourcing:
- Operational model analysis, Information Security Technical systems analysis
- Complete integrated services SOCaaS

SYSTEM INTEGRATION

IDENTITY AND ACCESS MANAGEMENT (IDM, PAM)

Central Access Control, Identity management systems (IDM)
Compliance, traceability, automation and optimization

INFRASTRUCTURE SECURITY

PREPARATION AND IMPLEMENTATION OF INFRASTRUCTURE SECURITY MANAGEMENT SYSTEMS

Analysis and design of network security systems
Implementation and configuration of Firewalls
Design and implementation of intrusion detection and prevention systems(IPS)
Data Detection and Deflation Solutions (DLP)
Design of systems for the management of:
- Web application security
- Information Security of mobile devices and applications
- Information Security in the cloud environment
- Information Security of industrial process and systems
- Data Center Security
- Security for endpoint clients (PC)

ASSESSMENT AND INFORMATION

SECURITY ASSESSMENTS AND INFORMATION SYSTEMS AUDITS

Assessment and review services performed by applying international standards, guidelines
auditing services in accordance with international standards, guidelines and best practices (eg COBIT, ITIL, ISO / IEC 27000 family …) and regulatory requirements
Identification of areas for improvement (people, processes, technologies)
Assistance in the implementation of improvement measures
Review of the external and internal reviews
Specific audit reviews

TEST & ASSESSMENT

PENETRATION TEST AND VULNERABILITY ASSESSMENT

Penetration Test on infrastructures and IT applications with attack simulations
Vulnerability Assessment for the identification of network infrastructure vulnerabilities, servers, clients, applications

For both we perform:

Internal and external
Web pages and applications
Mobile applications
raising awareness of employees ASAP

PRO.Red

PRO.Red advanced security check.

The tests-checks are performed in collaboration with certified ethical hackers.

SOCAAS

24/7/365 INFORMATION SECURITY MONITORING AND MANAGEMENT (SOCAAS)

Continuous monitoring by qualified analysts, system administrators, hunters and incident managers
Process support:
- Accepting tickets from users
- Receiving notifications and alarms from the control (SIEM) system
- Regular reporting to internal stakeholders
- Basic and advanced triage
- Alarms and escalations
- Response to perceived incidents
- Exchange of security informations
Additional services
- Quality control
- Periodic security reviews of potential internal network vulnerabilities with automated tools
- Web application security overview
- Security code analysis
- Social engineering test
- Awareness raising and education.
- Reporting to external stakeholders

CERTIFICATION

CERTIFICATION PREPARATION PROGRAM

Assistance and preparation of organizations in the process of obtaining certifications.

Certification preparation activities are carried out by certified and highly qualified personnel.

The preparations for certifications cover the following standards and and best practice:

ISO/IEC 27000
ISO 9000
ISO 31000
ISO 22301
ISO 20000
GDPR

We do not perform external compliance audits, but we do advise our clients to be certified by qualified organizations.

EDUCATION

EDUCATION AND AWARENESS (IT SECURITY AND COMPLIANCE)

Business impact simulation
Training courses (either at the company or at the client area)
Organization of virtual classroom courses
Organization of on-line course (e – learning)
Test administration and assessment
Obtaining certifications
Training workshops with qualified personnel