CYBER SECURITY

In the area of Cyber Security, thanks to our experts and the use of the latest technologies, we limit cyber threats and keep your data and your IT system safe.

CONSULTING

INFORMATION SECURITY CONSULTING (DESIGN & TECHNOLOGY)

  • Consultancy in the design, implementation, adoption and implementation of business and IT processes
  • Identification of requirements, areas for improvement at the level of people, processes and technology
  • Preparation and implementation of improvement programs, optimization of people, processes and technologies
  • Consultancy services for the implementation of quality management systems

INFORMATION SECURITY

SECURITY STRATEGIES, POLICIES AND SYSTEMS FOR MANAGING INFORMATION SECURITY

  • Risk analysis and definition of acceptable risk levels
  • Identification of measures to minimize the risk at the desired level
  • Implementation of processes and tools for secure management of user data
  • Verification of compliance with sectoral legislation
  • Management and control of information security processes
  •  

BUSINESS CONTINUITY

BUSINESS CONTINUITY CONSULTING

  • Analysis of the situation and identification of key business processes
  • Conducting business impact analysis (BIA) and risk analysis (RA)
  • Preparation of Business Continuity strategy
  • Preparation of Business Continuity plans (emergency response, alternative procedures, recovery, crisis communication, crisis management, etc …)
  • Testing Business Continuity plans
  • Periodic review of plans
  • Trainings and awareness raising for employees(information security awareness )

PRIVACY

COMPLIANCE ANALYSIS, GAP ANALYSIS, PRIVACY IMPACT ASSESSMENTS

  • Preparatory workshops
  • Identification of the data repositories
  • Identification of threats and risk levels (GDPR)
  • Privacy impact assessment (PIA)
  • Definition of data protection strategies
  • Establishing data management processes
  • Definition of incident response procedures
  • Definition of incident management procedures
  • Optimization of activities and processes
  • Conducting audits and reporting
  • Conformity assessment
  • Trainings

SIEM

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

  • Design and implementation of SIEM solutions for „on premise“ business / operating model
  • Information Security management services in outsourcing:
    • Operational model analysis, Information Security Technical systems analysis
    • Complete integrated services SOCaaS

SYSTEM INTEGRATION

IDENTITY AND ACCESS MANAGEMENT (IDM, PAM)

  • Central Access Control, Identity management systems (IDM)
  • Compliance, traceability, automation and optimization

INFRASTRUCTURE SECURITY

PREPARATION AND IMPLEMENTATION OF INFRASTRUCTURE SECURITY MANAGEMENT SYSTEMS

  • Analysis and design of network security systems
  • Implementation and configuration of Firewalls
  • Design and implementation of intrusion detection and prevention systems(IPS)
  • Data Detection and Deflation Solutions (DLP)
  • Design of systems for the management of:
    • Web application security
    • Information Security of mobile devices and applications
    • Information Security in the cloud environment
    • Information Security of industrial process and systems
    • Data Center Security
    • Security for endpoint clients (PC)

ASSESSMENT AND INFORMATION

SECURITY ASSESSMENTS AND INFORMATION SYSTEMS AUDITS

  • Assessment and review services performed by applying international standards, guidelines
  • auditing services in accordance with international standards, guidelines and best practices (eg COBIT, ITIL, ISO / IEC 27000 family …) and regulatory requirements
  • Identification of areas for improvement (people, processes, technologies)
  • Assistance in the implementation of improvement measures
  • Review of the external and internal reviews
  • Specific audit reviews

TEST & ASSESSMENT

PENETRATION TEST AND VULNERABILITY ASSESSMENT

  • Penetration Test on infrastructures and IT applications with attack simulations
  • Vulnerability Assessment for the identification of network infrastructure vulnerabilities, servers, clients, applications

For both we perform:

  • Internal and external
  • Web pages and applications
  • Mobile applications
  • raising awareness of employees ASAP

PRO.Red

PRO.Red advanced security check.

  • The tests-checks are performed in collaboration with certified ethical hackers.

SOCAAS

24/7/365 INFORMATION SECURITY MONITORING AND MANAGEMENT (SOCAAS)

  • Continuous monitoring by qualified analysts, system administrators, hunters and incident managers
  • Process support:
    • Accepting tickets from users
    • Receiving notifications and alarms from the control (SIEM) system
    • Regular reporting to internal stakeholders
    • Basic and advanced triage
    • Alarms and escalations
    • Response to perceived incidents
    • Exchange of security informations
  • Additional services
    • Quality control
    • Periodic security reviews of potential internal network vulnerabilities with automated tools
    • Web application security overview
    • Security code analysis
    • Social engineering test
    • Awareness raising and education.
    • Reporting to external stakeholders

CERTIFICATION

CERTIFICATION PREPARATION PROGRAM

Assistance and preparation of organizations in the process of obtaining certifications.

Certification preparation activities are carried out by certified and highly qualified personnel.

The preparations for certifications cover the following standards and and best practice:

  • ISO/IEC 27000
  • ISO 9000
  • ISO 31000
  • ISO 22301
  • ISO 20000
  • GDPR

We do not perform external compliance audits, but we do advise our clients to be certified by qualified organizations.

EDUCATION

EDUCATION AND AWARENESS (IT SECURITY AND COMPLIANCE)

  • Business impact simulation
  • Training courses (either at the company or at the client area)
  • Organization of virtual classroom courses
  • Organization of on-line course (e – learning)
  • Test administration and assessment
  • Obtaining certifications
  • Training workshops with qualified personnel
Le nostre linee fisse sono in manutenzione.
Per comunicare con gli uffici di DBA Group si prega di contattare i seguenti numeri:
Landline is under maintenance.
Please contact us on